Aug 06 2021

14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

Category: OT/ICSDISC @ 9:39 am

Considering that OT environments are increasingly in the crosshairs of attackers, the 14 vulnerabilities that JFrog and Forescout Research Labs recently discovered in NicheStack should make the likes of Siemens, Schneider Electric and Rockwell Automation take notice–and action.

Millions of programmable logic controllers (PLCs) and controllers from more than 200 device makers use NicheStack, a common, proprietary TCP/IP stack. NicheStack is employed in a wide array of critical infrastructure sectors globally like manufacturing plants, water treatment and power generation and transmission and distribution. It is the basis for numerous TCP/IP stacks and used by OEMS like Altera, Microchip, STMicroelectronics and Freescale.

“These vulnerabilities are very common in OT environments, as many major device vendors are listed as NicheStack customers,” said JFrog CTO Asaf Karas. “For instance, the stack is used in the Siemens S7 PLC, which is one of the most popular PLCs.”

The raft of flaws, dubbed INFRA:HALT, cover a wide gamut of threats–from remote code execution and denial of service (DoS) to TCP spoofing, information leak and DNS cache poisoning. The worst of the flaws, 2020-25928 and 2021-31226 logged CVSSv3.1 scores of 9.8 and 9.1, respectively.

At least for now, there’s a positive take: It seems adversaries have yet to stumble across the flaws. “We didn’t see any sign of exploitation,” said Karas.

He expressed surprise that the vulnerabilities had gone undiscovered. “The biggest surprise is that these kinds of vulnerabilities, that can be automatically detected, were not discovered for such a long time, especially given how critical they are and how common NicheStack is,” said Karas.

InterNiche Technologies has released patches for the vulnerabilities. Still, guarding against them is a thorny matter because, not surprisingly, patching across the supply chain is incredibly challenging from a logistics perspective and OT devices are critical in the environments that use them. So, while the best option for taking the teeth out of these flaws is upgrading to NicheStack v4.3, it might not be the route that many OT-driven businesses take.

14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Tags: OT controller, PLC