Project Memoria Concludes
Over the past 18 months we have announced 5 different phases of vulnerability research with a total of 97 vulnerabilities, affecting 14 TCP/IP stacks. This report summarizes the key findings and mitigation steps that organizations can take to protect themselves from the vulnerabilities found.
Concluding Project Memoria does not mean that our work is done, either for TCP/IP stacks or other foundational components of the connected device ecosystem. As we did in previous studies, we invite other researchers and device vendors to continue this work and collaborate with us in future research.
Vedere Labs and JFrog Security Research discovered 14 new vulnerabilities affecting NicheStack, a closed-source TCP/IP stack. The report, published on August 4, 2021, describes how the vulnerabilities allow for denial of service or remote code execution, primarily affecting operational technology (OT) and industrial control system (ICS) devices.
Vedere Labs, with support from Medigate Labs, have discovered a set of 13 new vulnerabilities affecting the Nucleus TCP/IP stack, which we are collectively calling NUCLEUS:13. The report, published on November 9, 2021, outlines how the new vulnerabilities allow for remote code execution, denial of service, and information leak. Nucleus is used in safety-critical devices, such as anesthesia machines, patient monitors and others in healthcare.