Author Topic: INFRA:HALT - vulnerabilities in NicheStack (TCP/IP stack)  (Read 1035 times)


Offline madires

  • Super Contributor
  • ***
  • Posts: 6153
  • Country: de
  • A qualified hobbyist ;)
INFRA:HALT - vulnerabilities in NicheStack (TCP/IP stack)
« on: August 04, 2021, 12:12:59 pm »
14 critical vulnerabilities found in NicheStack (TCP/IP stack) and 200+ vendors affected, a lot of PLCs.
https://www.forescout.com/research-labs/infra-halt/
 
The following users thanked this post: mrflibble

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 7411
  • Country: us
  • "Don't turn it on - Take it apart!"
Re: INFRA:HALT - vulnerabilities in NicheStack (TCP/IP stack)
« Reply #1 on: August 06, 2021, 03:25:52 am »
Yet another example of security through obscurity failing in the long run.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline mrflibble

  • Super Contributor
  • ***
  • Posts: 2051
  • Country: nl
Re: INFRA:HALT - vulnerabilities in NicheStack (TCP/IP stack)
« Reply #2 on: September 08, 2021, 08:35:09 pm »
Quote from: madires
"14 critical vulnerabilities found in NicheStack (TCP/IP stack) and 200+ vendors affected, a lot of PLCs.
https://www.forescout.com/research-labs/infra-halt/"

Just for the fun of it, I gave the research report a quick scan. Buffer overflows and lack of input validation are still pretty popular, tsk tsk. At least this one is a bit more amusing: "Whenever an unknown HTTP request is received, a panic is invoked."

Reminds me of Novell servers in the previous millennium, where you could crash the entire server by a simple telnet to port 25.
 

