Business Wire

CA-FORESCOUT

6.12.2023 07:02:34 CET | Business Wire | Press release

Share
Critical Infrastructure Still at High Risk: Forescout Research Spotlights 21 New Vulnerabilities

Forescout, a global cybersecurity leader, today released “SIERRA:21 – Living on the Edge,” an analysis of 21 newly discovered vulnerabilities within OT/IoT routers and open-source software components. The report — produced by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in critical infrastructure — emphasizes the continued risk to critical infrastructure and sheds light on possible mitigations.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231205915662/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Sierra:21 Infographic (Source: Forescout)

“SIERRA:21 – Living on the Edge” features research into Sierra Wireless AirLink cellular routers and some of its open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular — an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for a variety of applications. For example, Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video, in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity and to manage electric vehicle charging stations. The 21 new vulnerabilities have the potential to stop vital communications that could impact everyday life.

Read the blog: Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers

Forescout Research further finds:

  • The attack surface is expansive with 86,000 vulnerable routers still exposed online. Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
  • Regions with the highest number of exposed devices includes:
    • 68,605 devices in The United States
    • 5,580 devices in Canada
    • 3,853 devices in Australia
    • 2,329 devices in France
    • 1,001 devices in Thailand
  • Among the 21 vulnerabilities, one has critical severity (CVSS score 9.6), nine have high severity and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
  • Patching can’t fix everything. 90 percent of devices exposing a specific management interface have reached end of life, meaning they cannot be further patched.
  • It’s an uphill battle to secure supply chain components. Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.

“We are raising the alarm today because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention,” advises Elisa Constante, VP of Research, Forescout Research – Vedere Labs. “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”

Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities. TinyXML is an abandoned open source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.

For more information, download the full report, “SIERRA:21 – Living on the Edge,” now at https://www.forescout.com/resources/sierra21-vulnerabilities.

Additional Resources:

About Forescout

Forescout Technologies, Inc., a global cybersecurity leader, continuously identifies, protects and helps ensure the compliance of all managed and unmanaged connected cyber assets – IT, IoT, IoMT and OT. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide vendor-agnostic, automated cybersecurity at scale. The Forescout® Platform delivers comprehensive capabilities for network security, risk and exposure management, and extended detection and response. With seamless context sharing and workflow orchestration via ecosystem partners, it enables customers to more effectively manage cyber risk and mitigate threats.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20231205915662/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Agenus Announces Oversubscribed Private Placement of Up to $340 Million to Advance Registrational ROBBIN Trial of Neoadjuvant BOT+BAL in MSS Colon Cancer13.7.2026 12:00:00 CEST | Press release

$85M upfront financing, along with up to $255 million upon exercise of purchase warrants, is expected to fund ROBBIN1, Agenus' registrational Phase 3 trial of neoadjuvant botensilimab and balstilimab (BOT+BAL) in microsatellite-stable (MSS) colon cancer Transaction is structured to fund Agenus through key value-inflection points, including interim topline pathologic response data and interim and final event-free survival (EFS) analyses, with proceeds to fund Agenus operations through year-end 2031, assuming full warrant exercise ROBBIN target population in MSS colon cancer represents a >$7 billion addressable annual sales opportunity in the US for which no new therapies have been approved in over 20 years2,3 To focus resources on the neoadjuvant opportunity, Agenus is discontinuing financial support for the ongoing BATTMAN Phase 3 study in late-line metastatic MSS colorectal cancer Company to host conference call and webcast today at 8:30 a.m. ET Agenus Inc. (Nasdaq: AGEN), a leader in

Zayed Sustainability Prize Closes 2027 Submissions with Strong Global Participation13.7.2026 11:48:00 CEST | Press release

Over 10,000 entries from 177 countries mark the highest participation in the Prize’s historySubmissions increased 32% year-on-year, reflecting sustained local led momentum for scalable global impactThrough 139 winners, the Prize has positively impacted more than 411 million lives worldwide The Zayed Sustainability Prize, the UAE’s pioneering award for innovative solutions to global challenges, has officially closed submissions for its 2027 awards cycle, receiving an unprecedented 10,233 entries from 177 countries across its six categories of Health, Food, Energy, Water, Climate Action and Global High Schools. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260713519403/en/ Zayed Sustainability Prize Closes 2027 Submissions with Strong Global Participation (Photo: AETOSWire) Now in its 18th year, the Prize continues to attract a diverse and growing pool of small and medium-sized enterprises, nonprofit organisations and high sc

Ant Group Open-Sources SingGuard-NSFA to Establish New Security Paradigms for Autonomous AI Agents13.7.2026 11:01:00 CEST | Press release

Ant Group’s AI Security Lab today announced the open-source release of SingGuard-NSFA, a specialized security guardrail framework designed specifically for autonomous AI agents. The framework secures agentic AI systems against operational threats like prompt injection, addressing critical vulnerabilities as AI transitions from passive content generation to active, autonomous execution. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260712722454/en/ As AI agents rapidly move from research labs to business scenarios, the security landscape has fundamentally shifted. The explosive global adoption of open-source agent frameworks like OpenClaw, celebrated for their "one-click deployment" and "full-stack autonomy", has simultaneously exposed significant operational risks, including permission escalation and prompt injection. Industry frameworks, including the OWASP (Open Web Application Security Project) Top 10 for Agentic Applica

Incyte Presents Phase 1/2 Multidose Data for VGA039 (Latarcibart) at ISTH 2026, Showing Substantial Bleed Reductions in Patients with all Von Willebrand Disease Types13.7.2026 10:00:00 CEST | Press release

- Treatment with latarcibart led to an 81% median reduction in annualized bleeding rate (ABR) across all bleeding categories and patient types with von Willebrand disease (VWD) - Latarcibart, administered via a once monthly subcutaneous dosing regimen, was shown to be safe and well tolerated over multiple doses in this study - Pivotal Phase 3 VIVID-6 trial evaluating latarcibart’s potential to be the first targeted therapy for VWD is currently enrolling Incyte (Nasdaq: INCY) today announced complete safety and efficacy data from all patients (n=16) enrolled in the Phase 1/2 multidose study of VGA039 (latarcibart), a novel, Protein S-targeting, investigational monoclonal antibody for patients with von Willebrand disease (VWD). The data are being shared in an oral presentation today at the 34th Congress of the International Society on Thrombosis and Haemostasis (ISTH 2026 Congress) in Paris. Latarcibart modulates Protein S to improve hemostasis, potentially enhancing the body’s ability t

Europe’s Demand for Tech Services Accelerates in Q2, As Spending on AI and Managed Services Rises: ISG Index™13.7.2026 10:00:00 CEST | Press release

Combined market up 46%, led by 64% growth in cloud servicesManaged services up 21%, as companies seek cost savings to fund AI Demand for technology services in Europe continued to accelerate in the second quarter, as the region increasingly turns to managed services to reduce costs and cloud services to meet AI objectives, according to the latest state-of-the-industry report from Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm. The EMEA ISG Index™, which measures commercial outsourcing contracts with annual contract value (ACV) of US $5 million or more, shows second-quarter ACV for the combined market (both managed services and cloud-based as-a-service) soared 46 percent—its largest growth in eight years—to US $13.0 billion. The latest quarter adds to a string of three straight quarters in which growth has averaged 33 percent. “Europe has become the fastest-growing region for technology services, fueled not only by an increasin

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye