Millions of Operational Technology (OT) devices manufactured by over 200 vendors are at risk of cyberattacks following the discovery of 14 new vulnerabilities. Collectively called INFRA:HALT, these vulnerabilities affect devices used across manufacturing plants, power generation, water treatment, and other critical infrastructure organizations. 

More deets on INFRA:HALT

  • In a joint report, JFrog and Forescout found that INFRA:HALT affects NicheStack, also known as the InterNiche TCP/IP stack, which is designed to provide internet connectivity to industrial equipment.
  • Exploiting these flaws can enable attackers to achieve remote code execution, denial of service, information leak, TCP spoofing, and even DNS cache poisoning.
  • The flaws affect all versions prior to 4.3 of NicheStack.
  • The affected vendors include Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric. 

List of 14 flaws

  • The flaws are tracked as CVE-2020-25928, CVE-2021-31226, CVE-2020-25767, CVE-2020-25927, CVE-2021-31227, CVE-2021-31400, CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-27565, CVE-2021-36762, CVE-2020-25926, and CVE-2021-31228.
  • To exploit these flaws, a threat actor would first need to gain access to the internal network of the company’s OT section. 
  • As of March 2021, around 6,400 devices connected to the internet had been found to be vulnerable to INFRA:HALT.

Worth noting

  • This is the sixth severe security weakness that has been identified in the protocol stacks used by millions of internet-connected devices.
  • The previously discovered flaws are URGENT/11, Ripple20, AMNESIA:33, NUMBER:JACK, and NAME:WRECK. 

Mitigations recommended 

While HCC Embedded, which maintains the C library, has addressed the issues by releasing software patches, it can take a considerable amount of time before device vendors using the vulnerable firmware get an updated version of the NicheStack.

To help mitigate these vulnerabilities, Forescout has released an open-source script that detects devices running a vulnerable NicheStack. It has also advised enforcing segmentation controls and monitoring traffic for malicious packets to reduce the risk.

Cyware Publisher