Skip to content

Manufacturing at risk after critical flaws found in industrial control devices

Posted by: GuidePoint Security

< 1 min read

Published 08/11/2021, 9:00am

Last week cybersecurity researchers announced the discovery of 14 vulnerabilities found in the transmission control protocol/internet protocol (TCP/IP) stack used in millions of industrial control devices. 

The devices are manufactured by at least 200 different vendors and deployed in power plants, factories, water treatment facilities, manufacturing plants, and critical infrastructure sectors.

The bugs, dubbed INFRA:HALT, target the InterNiche and NicheLite TCP/IP stack and could enable a threat actor to achieve remote code execution, information leaks, TCP spoofing, DNS cache poisoning, and denial of service attacks.

Two of the bugs (CVE-2020-25928 and CVE-2021-31226) are rated as critical severity. Ten are rated as high severity, and the remaining two are rated as medium severity. The bugs are listed as:

  • CVE-2020-25928 (critical)
  • CVE-2021-31226 (critical)
  • CVE-2020-25927 (high
  • CVE-2020-25767 (high)
  • CVE-2021-31227 (high)
  • CVE-2021-31400 (high)
  • CVE-2021-31401 (high)
  • CVE-2020-35683 (high)
  • CVE-2020-35684 (high)
  • CVE-2020-35685 (high)
  • CVE-2021-27565 (high)
  • CVE-2021-36762 (high)
  • CVE-2020-25926 (medium)
  • CVE-2021-31228 (medium)

Next Steps

On August 5, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on these vulnerabilities. The owner of the TCP/IP stack was informed of the vulnerabilities in September 2020 and patched them in May 2021 with its version 4.3 release. Users of this TCP/IP stack are urged to upgrade their systems.

CISA reminds organizations to perform appropriate impact analysis and risk assessment prior to taking any defensive measures. They also recommend the following key steps to mitigate issues with this TCP/IP stack:

  • Minimize network exposure for all control system devices and systems, and ensure that they are not accessible from the Internet
  • Locate control system networks and remote devices behind firewalls and isolate them from the business network
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also, recognize VPN is only as secure as its connected devices

Categories: Blog Cybersecurity

GuidePoint Security

Countering The Threat Of Spear-Phishing
With Spear-Phishing, many organizations feel like their tools will help them stop the attacks. This is true at some levels, […]
Download

Related Articles

View All

  • Security Awareness & Education
Countering The Threat Of Spear-Phishing
Read More < 1 min read
  • Blog
Navigating Incident Response Documentation
Posted by: Robert Bell
Read More 3 min read
  • Governance, Risk & Compliance
Bridging the Gap: How a Controls-Focused Cybersecurity Program Aligns SEC Rules with Daily Operations
Posted by: Denny Dean
Read More 3 min read