Critical Infrastructure Still at High Risk: Forescout Research Spotlights 21 New Vulnerabilities>
Business Wire –
Forescout, a global cybersecurity leader, has released “SIERRA:21 – Living on the Edge,” a report revealing 21 new vulnerabilities within OT/IoT routers and open-source software components.
These vulnerabilities pose a significant risk to critical infrastructure and could have a pervasive impact on everyday life.
The vulnerabilities covered in the report pertain to Sierra Wireless AirLink cellular routers and open-source components such as TinyXML and OpenNDS.
Sierra Wireless routers are extensively utilized across various applications, including police and surveillance systems, industrial asset monitoring, healthcare facilities, and electric vehicle charging stations.
The 21 newly uncovered vulnerabilities have the potential to disrupt vital communications, impacting essential services and infrastructure.
Key Findings from the Report:
– There are approximately 86,000 vulnerable routers still exposed online, with less than 10% confirmed to be patched against known previous vulnerabilities discovered since 2019.
– The United States, Canada, Australia, France, and Thailand are among the regions with the highest numbers of exposed devices.
– Among the 21 vulnerabilities, one is classified as critical, nine as high severity, and eleven as medium severity, enabling attackers to steal credentials, inject malicious code, persist on devices, and gain initial access to critical networks.
– Approximately 90% of devices exposing a specific management interface have reached end of life, making them impossible to further patch.
– Open-source software elements are identified to increase the attack surface of critical devices, posing a challenge for organizations to track and mitigate vulnerabilities.
Recommendations:
– Elisa Constante, VP of Research at Forescout Research – Vedere Labs, highlights the pressing need for attention to the many OT/IoT devices that represent an increased attack surface.
– Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities.
However, the upstream vulnerabilities related to TinyXML, an abandoned open-source project, will not be fixed and must be addressed downstream.
The report and additional resources are available for more in-depth insights and understandings of the vulnerabilities and their implications.
For more information and to access the full report “SIERRA:21 – Living on the Edge,” visit: https://www.forescout.com/resources/sierra21-vulnerabilities.
Additional Resources:
– On-demand webinar: https://www.brighttalk.com/central/account/616385/channel/13809/video/602171
– Forescout Research insight: “Hacktivists attack U.S. water treatment plant – analysis and implications”
Link: https://www.businesswire.com/news/home/20231205915662/en/