14 Critical Vulnerabilities in NicheStack TCP/IP Stack Expose OT Devices to Remote Attacks
In August 2021, Forescout Research Labs and JFrog Security Research disclosed 14 serious flaws in the NicheStack TCP/IP stack, which they collectively named INFRA:HALT.
The NicheStack stack powers a wide array of operational‑technology (OT) devices across critical infrastructure sectors—manufacturing, water treatment, power generation, and more—making it a high‑profile target for adversaries.
These defects allow attackers to perform remote code execution, launch denial‑of‑service attacks, steal sensitive information, spoof TCP connections, and poison DNS caches.
Industrial Control Systems Under Threat
The findings underscore how aging, Internet‑connected OT systems remain vulnerable. “It is an unfortunate example of the huge vulnerability of an aging infrastructure that has been connected, directly or indirectly, to the Internet,” says Curtis Simpson, CISO at Armis.
Brian Kim of Forrester Research advises critical‑infrastructure operators to first map their OT assets, then adopt a zero‑trust posture that enforces least privilege, network segmentation, and strict allow‑lists.
“One of the best ways we can reduce the impact of a breach is a zero‑trust strategy by limiting the communications of these industrial control systems,” Kim explains. “We can create an allow list that only permits communications with control systems that run a process—allowing least privilege for network connections—and ideally place a barrier between IT and OT, segmenting each facility into its own network.”
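The mapping-then-allow-listing approach Kim describes can be checked against real traffic before a firewall policy is enforced. The following is an added illustration, not code from the article, Forescout or JFrog: it takes a constructed OT asset inventory and a constructed allow-list of the only conversations the process needs, then audits Zeek-style conn.log records (column order assumed: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto; a real conn.log carries more fields and a header) and reports every flow that crosses the IT/OT barrier, leaves the OT segment, touches an un-inventoried device, or moves laterally inside OT without an allow entry. Hostnames, addresses, uids and timestamps are made up.

```python
"""Allow-list audit for OT network flows.

Added example, not code from the article, Forescout or JFrog. The asset
inventory, allow-list and conn.log lines below are constructed sample data.
"""
import ipaddress
from typing import NamedTuple

# Step 1 (constructed): an inventory of what actually lives on the OT segment.
OT_NET = ipaddress.ip_network("10.10.1.0/24")
OT_ASSETS = {
    "10.10.1.10": "PLC-line1",
    "10.10.1.11": "PLC-line2",
    "10.10.1.20": "HMI-line1",
    "10.10.1.30": "historian",
}

# Step 2 (constructed): only the conversations a process needs, as
# (src, dst, proto, dst_port). Everything else is denied by default.
ALLOWED = {
    ("10.10.1.20", "10.10.1.10", "tcp", 502),  # HMI polls its own PLC over Modbus/TCP
    ("10.10.1.30", "10.10.1.10", "tcp", 502),  # historian reads both PLCs
    ("10.10.1.30", "10.10.1.11", "tcp", 502),
    ("10.20.5.7", "10.10.1.30", "tcp", 443),   # one IT host may reach the historian only
}


class Flow(NamedTuple):
    uid: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def parse_conn_line(line: str) -> Flow:
    """Parse one Zeek-style conn.log record.

    Assumed column order: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
    """
    _ts, uid, orig_h, orig_p, resp_h, resp_p, proto = line.rstrip("\n").split("\t")[:7]
    return Flow(uid, orig_h, int(orig_p), resp_h, int(resp_p), proto)


def classify(flow: Flow) -> str:
    """Return 'allowed' or the reason the flow violates the least-privilege policy."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if (flow.src, flow.dst, flow.proto, flow.dport) in ALLOWED:
        return "allowed"
    if src not in OT_NET and dst not in OT_NET:
        return "not-ot"                      # pure IT traffic; out of scope for this audit
    for ip in (flow.src, flow.dst):
        if ipaddress.ip_address(ip) in OT_NET and ip not in OT_ASSETS:
            return "unknown-ot-asset"        # a device on the segment that was never inventoried
    if src not in OT_NET:
        return "it-to-ot-blocked"            # crossing the IT/OT barrier without an allow entry
    if dst not in OT_NET:
        return "ot-egress-blocked"           # OT device reaching out (e.g. DNS to the Internet)
    return "ot-internal-blocked"             # lateral OT traffic no process needs


def audit(conn_log: str) -> dict:
    """Map each conn.log uid to its verdict, skipping blank and '#' header lines."""
    verdicts = {}
    for line in conn_log.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        flow = parse_conn_line(line)
        verdicts[flow.uid] = classify(flow)
    return verdicts


# Constructed conn.log excerpt; timestamps and uids are made up.
SAMPLE_CONN_LOG = """\
1628092800.1\tC1\t10.10.1.20\t49152\t10.10.1.10\t502\ttcp
1628092801.2\tC2\t10.20.5.7\t51000\t10.10.1.30\t443\ttcp
1628092802.3\tC3\t10.20.7.99\t52000\t10.10.1.10\t502\ttcp
1628092803.4\tC4\t10.10.1.10\t1024\t8.8.8.8\t53\tudp
1628092804.5\tC5\t10.10.1.20\t49153\t10.10.1.77\t80\ttcp
1628092805.6\tC6\t10.10.1.20\t49154\t10.10.1.11\t502\ttcp
"""

if __name__ == "__main__":
    for uid, verdict in audit(SAMPLE_CONN_LOG).items():
        print(f"{uid}: {verdict}")
```

On the sample data, C1 and C2 are the two permitted conversations; C3 is an IT workstation reaching a PLC's Modbus port directly, C4 is a PLC sending DNS to an Internet resolver, C5 is a device nobody inventoried, and C6 is an HMI talking to a PLC it has no business with. The first two of those are exactly the reachability that remotely triggered stack bugs and DNS cache poisoning depend on, which is why an allow-list that confines each controller to the hosts its process needs shrinks the exposure of a stack like NicheStack even before a firmware fix ships.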
JFrog and Forescout will present a webinar on August 19 to detail how the vulnerabilities were discovered and the mitigation steps operators can take.
Rising Attacks on Critical Infrastructure
Recorded Future reported roughly 65,000 ransomware attacks in 2020 alone, the year before the INFRA:HALT disclosure.
Attackers are drawn to OT devices because they often lack modern security controls. Compromise of a single device can cripple operations, prompting organizations to consider paying ransom to restore services.
“The nature of these vulnerabilities could lead to heightened risk and expose national critical infrastructure at a time when the industry is seeing an increase in OT attacks against global utilities, oil and gas pipeline operators, as well as healthcare and the supply chain,” Forescout Research Labs warned.
Once a device is compromised, the vulnerable stack can serve as an entry point for malware to spread throughout an organization’s IT network.
Brian Kim highlighted the Colonial Pipeline incident as a stark reminder that critical infrastructure systems are not isolated; they are interconnected “systems of systems” that can propagate attacks across supply chains.
“Ultimately, operators must shift their perspective toward comprehensive resilience,” Kim concluded. “A strong focus on security and resilience is essential for protecting the critical infrastructure they manage.”