INFRA:HALT secuirty vulnerability alert

Recently, researchers from JFrog and Forescout released a joint report that publicly disclosed 14 security vulnerabilities (collectively referred to as INFRA:HALT) found in the NicheStack TCP/IP stack. These vulnerabilities can lead to remote code execution, denial of service, Information leakage, TCP spoofing, or DNS cache poisoning. Researchers said that an attacker who successfully exploited the INFRA:HALT vulnerability could damage the building’s HVAC system or take over the controllers used for manufacturing and other critical infrastructure, causing OT and ICS equipment to go offline and hijacked, and the attacker can spread malware through the hijacked device.

NicheStack is a commonly-used, proprietary TCP/IP stack for embedded systems, developed by InterNiche Technologies in 1996. In 2003, NicheStack extended its support to IPv6. NicheStack serves as the basis for other TCP/IP stacks and was also distributed in different versions for OEMs including STMicroelectronicsFreescale (NXP), Altera (Intel), and Microchip.

Affected version

  • NicheStack < 4.3

Unaffected version

  • NicheStack 4.3


Users can use the open-source script released by Forescout to detect devices running NicheStack. It is recommended that relevant users implement segmentation control and monitor all network traffic of malicious data packets to reduce the risk of vulnerable devices. At present, HCC Embedded has officially released a new version that fixes the above vulnerabilities. Affected users are requested to upgrade the NicheStack version for protection as soon as possible.