Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws. A low-level TCP/IP software library, the Treck TCP/IP stack is specifically designed for embedded systems, featuring small critical sections and a small code footprint. CISA says the product is used worldwide in the critical manufacturing, IT, healthcare and transportation sectors. Last week, a series of four new vulnerabilities that Intel’s security researchers discovered in the Treck TCP/IP stack were made public. Two of these were rated critical severity.
Source: www.securityweek.com