The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe.
Dubbed “Ripple20,” the set of 19 vulnerabilities resides in a low-level TCP/IP software library developed by Treck, which, if weaponized, could let remote attackers gain complete control over targeted devices—without requiring any user interaction.
According to Israeli cybersecurity company JSOF—who discovered these flaws—the affected devices are in use across various industries, ranging from home/consumer devices to medical, healthcare, data centres, enterprises, telecom, oil, gas, nuclear, transportation, and many others across critical infrastructure.
“Just a few examples: data could be stolen off of a printer, an infusion pump behaviour changed, or industrial control devices could be made to malfunction. An attacker could hide malicious code within embedded devices for years,” the researchers said in a report shared with The Hacker News.
“One of the vulnerabilities could enable entry from outside into the network boundaries; this is only a small taste of the potential risks.”
There are four critical vulnerabilities in Treck TCP/IP stack, with CVSS scores over 9, which could let attackers execute arbitrary code on targeted devices remotely, and one critical bug affects the DNS protocol.
images from Hacker News