A new report covers 14 critical and high-risk vulnerabilities found in a proprietary TCP/IP stack called NicheStack that’s widely used in operational technology (OT) devices from up to 200 vendors. These devices include programmable logic controllers (PLCs), such as the Siemens S7, which are the building blocks of industrial automation and are used in critical infrastructure sectors. The majority of the vulnerabilities are buffer overflows and out-of-bounds memory writes that result from insecure parsing of packets over different protocols.

