AMNESIA:33, the first study under Project Memoria, published December 8, 2020. AMNESIA:33 is a set of 33 new memory-corrupting vulnerabilities impacting millions of IoT, OT and IT devices that present an immediate risk for organizations worldwide.
NUMBER:JACK, Project Memoria’s second study, published February 10, 2021. It disclosed nine vulnerabilities in multiple TCP/IP stacks that can improperly generate ISNs (Initial Sequence Numbers) within TCP connections, leaving a device’s TCP connections open to attacks.
NAME:WRECK is a collaborative study published by Forescout Research Labs and JSOF on April 13, 2021. It discloses nine vulnerabilities affecting four popular TCP/IP stacks used in millions of IoT, OT and IT devices and allows for Denial of Service or Remote Code Execution.
Forescout Research Labs and JFrog Security Research discover 14 new vulnerabilities affecting closed source TCP/IP stack NicheStack, allowing for Denial of Service or Remote Code Execution primarily affecting operational technology (OT) and industrial control system (ICS) devices.