ICS Vendors Assess Impact of INFRA:HALT Vulnerabilities

Source
Advertisement


Forescout Research Labs and JFrog Security Research found a total of 14 vulnerabilities in NicheStack, a TCP/IP stack used by many operational technology (OT) vendors. The flaws, a majority of which have been assigned critical and high severity ratings, can be exploited for remote code execution, denial of service (DoS) attacks, obtaining information, TCP spoofing, and DNS cache poisoning.

In an attack scenario described by the researchers, the attacker remotely exploits one of the INFRA:HALT vulnerabilities to crash a programmable logic controller (PLC) and disrupt the associated physical process.

Advertisement