Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements.
Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity, and to manage electric vehicle charging stations.
He 21 new vulnerabilities can potentially stop vital communications from impacting everyday life.
The attack surface is expansive, with 86,000 vulnerable routers still exposed online.
Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
Among the 21 vulnerabilities, one has critical severity, nine have high severity, and 11 have medium severity.
These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device, and use it as an initial access point into critical networks.
90 percent of devices exposing a specific management interface have reached the end of life, meaning they cannot be further patched.
It's an uphill battle to secure supply chain components.
Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.
Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities.
TinyXML is an abandoned open-source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 06 Dec 2023 10:13:04 +0000