This article has been indexed from CSO Online
Embedded devices, especially those designed for industrial automation that have long shelf lives, are known to use a mixture of in-house and third-party code that was created at a time when software vulnerabilities were not as well understood as today. Critical flaws found in proprietary components that hardware vendors have widely used for years have far-reaching implications. Patching is not always an option.
This is highlighted by the findings over the past year of researchers from Forescout Research Labs and JFrog Security Research, who have investigated the TCP/IP stacks used in a variety of IoT and other embedded systems. This has resulted in major flaws being identified that impact millions of devices in reports such as Ripple20, NAME:WRECK, NUMBER:JACK or AMNESIA:33.
Read the original article: Serious flaws in widespread embedded TCP/IP stack endanger industrial control devices