Articles 33 vulnerabilities threaten millions of Critical Infrastructure

33 vulnerabilities threaten millions of Critical Infrastructure

-

Cybersecurity researchers have found 33 vulnerabilities in four open source TCP / IP libraries. Currently, problematic libraries are used in the firmware of products from more than 150 vendors.

The holes were discovered by specialists of the Forescout company, they also noted that millions of industrial devices are at risk. Experts have combined all 33 holes under a common name – Amnesia: 33.

Vulnerabilities affect a whole range of different devices: smartphones, game consoles, SoCs (system on a chip, System-on-a-Chip, SoC), HVAC systems, printers, routers, IP cameras, and more.

Among the problematic libraries, Forescout researchers named uIP, FNET, picoTCP, and Nut / Net. Over the past twenty years, device manufacturers have frequently added one of these four libraries to their firmware to enable support for the TCP / IP protocols that are used for most networking today.

If these 33 vulnerabilities are successfully exploited, an attacker can carry out a number of dangerous attacks:

  • Execute the code remotely (RCE) and take control of the attacked device.
  • Cause denial of service (DoS) and disrupt manufacturing processes.
  • Steal confidential information belonging to the attacked enterprise.
  • Force a target device to visit a malicious site using a DNS cache poisoning attack.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you