Forescout, a global leader in cybersecurity solutions, today released “SIERRA:21 – Living on the Edge,” an analysis of 21 newly discovered vulnerabilities in OT/IoT routers and open source software components.
The report was written by Forescout Research – Vedere Labs, which specializes in uncovering security vulnerabilities in critical infrastructure. The analysis highlights the ongoing risk to critical infrastructure and outlines possible mitigation measures. “SIERRA:21 – Living on the Edge” describes research on Sierra Wireless AirLink cellular routers and a number of associated open source components such as TinyXML and OpenNDS.
Sierra Wireless routers are popular: an open database of Wi-Fi networks lists 245,000 networks worldwide where Sierra Wireless routers serve a variety of applications. The routers are used, for example, in police vehicles to establish a connection to central network management systems or to transmit surveillance videos; in factories to enable monitoring of industrial equipment; in healthcare facilities to establish temporary connections; and to manage electric vehicle charging stations. The 21 new vulnerabilities have the potential to disrupt critical communications, impacting daily life.
Critical vulnerabilities
The attack surface is large: 86,000 vulnerable routers are still online. Fewer than 10 percent of these routers are confirmed to be patched against known security vulnerabilities found since 2019. The regions with the highest number of vulnerable devices are the USA (68,605 devices), Canada (5,580), Australia (3,853), France (2,329) and Thailand (1,001).
Of the 21 vulnerabilities, one is critical (CVSS score 9.6), nine are of high severity and eleven are of medium severity. The vulnerabilities allow attackers to steal login credentials, take control of a router by injecting malicious code, implant themselves on the affected device, and use it as an entry point into critical networks.
No patches for end-of-life devices
Not all problems can be solved with patches. 90 percent of devices with a specific management interface have reached end-of-life and can no longer be patched. Securing components in the supply chain is an uphill battle. Open source software elements often remain uninspected, increasing the attack surface of critical devices. The result is security gaps that companies may find difficult to detect and mitigate.
“We are sounding the alarm today because there are still thousands of OT/IoT devices that are highly vulnerable and need to be addressed,” said Elisa Costante, VP of Research, Forescout Research – Vedere Labs. “Vulnerabilities affecting critical infrastructure are like open windows through which bad actors can enter anywhere. State-sponsored attackers are developing custom malware for routers to hijack routers and exploit them for espionage purposes. Cybercriminals also use routers and associated infrastructure for residential proxies and recruitment for botnets. Our findings once again underscore the need to raise awareness of the OT/IoT edge devices that are so often overlooked.” Sierra Wireless and OpenNDS have released patches for the vulnerabilities found. The open source project TinyXML, however, was discontinued.
More at Forescout.com
About Forescout
Forescout Technologies, Inc. is a global cybersecurity leader that continually identifies, protects and helps ensure compliance across all managed and unmanaged connected cyber assets - IT, IoT, IoMT and OT. The Forescout® platform provides comprehensive network security, risk and threat management, and advanced detection and response capabilities. By seamlessly sharing information and orchestrating workflows across ecosystem partners, customers can more effectively manage cyber risk and mitigate threats.