Skip Navigation

August 5, 2021 |

Researchers find multiple vulnerabilities in NicheStack

Loading table of contents...

Researchers published details on a set of 14 vulnerabilities affecting NicheStack, a TCP/IP stack commonly used by industrial automation companies. Several vendors will be releasing updates to fix the flaws. Timely updates are recommended.


  • Collectively dubbed INFRA:HALT, this set of vulnerabilities affects NicheStack prior to 4.3. NicheStack is a proprietary TCP/IP stack for embedded systems developed by InterNiche Technologies.
  • HCC Embedded, the company that acquired the networking business of InterNiche Technologies in 2016, released security advisories and updates. Device vendors using vulnerable versions of the stack will be releasing their own firmware updates to their customers.
  • The majority of the vulnerabilities have been rated as high severity. Two of the flaws were rated as critical:
    • CVE-2020-25928 is an out-of-bounds read/write when parsing DNS responses, leading to remote code execution. CVSS score: 9.8.
    • CVE-2021-31226 is a heap buffer overflow flaw when parsing HTTP post requests, leading to remote code execution. CVSS score: 9.1.
  • Researchers report finding 2,500 systems from 21 vendors that are vulnerable to INFRA:HALT with a wide range of issues including remote code execution, denial of service (DoS), information leaks, TCP spoofing, and DNS cache poisoning.
  • An active scanning tool to identify the affected products on the networks was published. Care should be taken if leveraging these tools, as they have only been validated in test environments and perform active scanning on the network.


  • We recommend monitoring vendor update releases and timely patching of affected devices.