Israel National Cyber Directorate warns of critical vulnerabilities in equipment used in energy and industrial sectors
The vulnerabilities were discovered in a TCP/IP Stack called NicheStack that is included in a large number of operational components, including Siemens controllers
The vulnerabilities were discovered in a TCP/IP Stack called NicheStack that is included in a large number of operational components, including Siemens controllers and other equipment from reputable companies. The researchers estimate that there are millions of facilities in the world that contain equipment that uses the vulnerable software component. Such facilities control various production processes such as pump operations, temperature control, production line control and more. Without appropriate preventive measures, organizations and companies, mainly in the energy, industry, production and retail sectors, are potentially exposed to cyber disruption.
The details of the vulnerabilities were shared in advance by the Israeli research team at Forescout with the Israeli National Cyber Directorate, as part of an extensive research collaboration that is emerging between the Directorate and Forescout. The vulnerabilities were shared through a responsible disclosure procedure with the relevant manufacturers."The Directorate calls upon organizations that use vulnerable equipment that use this software to take immediate preventive action, and on vendors of said products to alert their customers to the risk and provide them with appropriate security updates in a timely manner," the Directorate added.