Business Wire

CA-FORESCOUT

6.12.2023 07:02:34 CET | Business Wire | Press release

Share
Critical Infrastructure Still at High Risk: Forescout Research Spotlights 21 New Vulnerabilities

Forescout, a global cybersecurity leader, today released “SIERRA:21 – Living on the Edge,” an analysis of 21 newly discovered vulnerabilities within OT/IoT routers and open-source software components. The report — produced by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in critical infrastructure — emphasizes the continued risk to critical infrastructure and sheds light on possible mitigations.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231205915662/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Sierra:21 Infographic (Source: Forescout)

“SIERRA:21 – Living on the Edge” features research into Sierra Wireless AirLink cellular routers and some of its open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular — an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for a variety of applications. For example, Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video, in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity and to manage electric vehicle charging stations. The 21 new vulnerabilities have the potential to stop vital communications that could impact everyday life.

Read the blog: Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers

Forescout Research further finds:

  • The attack surface is expansive with 86,000 vulnerable routers still exposed online. Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
  • Regions with the highest number of exposed devices includes:
    • 68,605 devices in The United States
    • 5,580 devices in Canada
    • 3,853 devices in Australia
    • 2,329 devices in France
    • 1,001 devices in Thailand
  • Among the 21 vulnerabilities, one has critical severity (CVSS score 9.6), nine have high severity and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
  • Patching can’t fix everything. 90 percent of devices exposing a specific management interface have reached end of life, meaning they cannot be further patched.
  • It’s an uphill battle to secure supply chain components. Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.

“We are raising the alarm today because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention,” advises Elisa Constante, VP of Research, Forescout Research – Vedere Labs. “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”

Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities. TinyXML is an abandoned open source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.

For more information, download the full report, “SIERRA:21 – Living on the Edge,” now at https://www.forescout.com/resources/sierra21-vulnerabilities.

Additional Resources:

About Forescout

Forescout Technologies, Inc., a global cybersecurity leader, continuously identifies, protects and helps ensure the compliance of all managed and unmanaged connected cyber assets – IT, IoT, IoMT and OT. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide vendor-agnostic, automated cybersecurity at scale. The Forescout® Platform delivers comprehensive capabilities for network security, risk and exposure management, and extended detection and response. With seamless context sharing and workflow orchestration via ecosystem partners, it enables customers to more effectively manage cyber risk and mitigate threats.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20231205915662/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Access Advance Welcomes Wave of New Licensees to the HEVC Advance Patent Pool8.7.2026 02:00:00 CEST | Press release

Access Advance LLC, the leading HEVC patent pool administrator, today announced a significant expansion of the HEVC Advance Patent Pool, with 28 companies executing licenses in the first half of 2026. The new Licensees span consumer electronics, automotive, telecommunications, industrial technology, and professional security, reflecting the breadth of industries in which HEVC has become a foundational video technology. "HEVC remains the cornerstone of modern video delivery, and the demand we are seeing from new Licensees speaks to the long-term commercial relevance of this technology," said Peter Moller, CEO of Access Advance. "HEVC licensing activity has been consistently strong, and we are pleased to welcome a number of important new participants to the program." Notably, nine video surveillance equipment manufacturers have joined the HEVC Advance program as Licensees, ranging from three of the world's largest video surveillance equipment makers to specialized developers of security

Empire State Building Observation Deck Run-Up Returns for 48th Annual Race on Oct. 68.7.2026 00:22:00 CEST | Press release

Presented by NYU Langone Health and Powered by MerrellLottery Open Through July 20 The Empire State Building Observation Deck (ESB), atop the “World’s Most Famous Building,” today announced that general lottery registration is open for this year's Empire State Building Observation Deck Run-Up (ESBRU), which will run through July 20, 2026. The annual race, presented by NYU Langone Health and powered by Merrell, will take place on Oct. 6, 2026, at 8 p.m. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707902561/en/ Empire State Building Observation Deck Run-Up Returns for 48th Annual Race on Oct. 6 This year’s race marks the 48th anniversary of the event, in which 225 runners will race up 1,576 stairs of the iconic New York City landmark to reach the world-famous 86th Floor Observation Deck. “Every year, the Empire State Building Observation Deck Run-Up is a remarkable feat for all who participate as they race up to Tripadvi

Modon's Hudayriyat Golf Estates Sets UAE Record With More Than AED 13 Billion in Sales Within Days of Launch7.7.2026 20:36:00 CEST | Press release

A record-breaking sales value for a residential project in the UAEThe project comprises golf mansions, villas, and townhouses across Hudayriyat Island, Abu Dhabi1,700 residences sold within days after the launch15% non-UAE resident buyers81% new customers to Modon Modon has set a new benchmark for the UAE real estate market with the launch of Hudayriyat Golf Estates on Hudayriyat Island, Abu Dhabi. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707126559/en/ Modon's Hudayriyat Golf Estates sets UAE record with more than AED 13 billion in sales within days of launch (Photo: AETOSWire) Within days of launch, the community achieved record-breaking sales exceeding AED 13 billion, marking the highest publicly recorded sales value for a single residential project launch in the UAE. Comprising an exclusive collection of golf mansions, villas, and townhouses, the development saw 1,700 of its residences sold after few days of laun

Loomis Sayles Growth Equity Strategies Team Celebrates Twenty-Year Milestones7.7.2026 16:36:00 CEST | Press release

Loomis, Sayles & Company, the century-old investment manager with nearly $418 billion in assets under management, proudly celebrates the 20-year anniversaries of the Loomis Sayles Large Cap Growth and the Loomis Sayles All Cap Growth strategies, as well as a differentiated approach to growth equity investing under the leadership of Aziz V. Hamzaogullari, CFA, the founder, chief investment officer and portfolio manager of the Loomis Sayles Growth Equity Strategies (GES) Team. Aziz is also an executive vice president and a member of the firm’s Board of Directors. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707992418/en/ Celebrating 20 Years of The Power of Active Management Done Right GES is a cohesive team with 20 years of alpha generation and a long-term, private equity approach to investing. Under Aziz Hamzaogullari’s leadership since 2010, assets under management for GES have grown from $1.9 billion to $98.2 billion

Integral Ad Science Appoints Lidiane Jones Chief Executive Officer7.7.2026 15:35:00 CEST | Press release

Accomplished AI and technology executive to lead IAS's next phase of innovation and growth; Lisa Utzschneider to serve as Special Advisor to the Board through year-end Integral Ad Science (IAS), one of the world's most trusted media quality companies, today announced the appointment of Lidiane Jones as Chief Executive Officer, effective immediately. Jones succeeds Lisa Utzschneider, who led IAS for more than seven years and will remain with the company as Special Advisor to the Board through the end of 2026 to support a seamless transition. Utzschneider will also serve as a Special Advisor to Novacap and their portfolio companies. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707780892/en/ Lidiane Jones: Integral Ad Science CEO, Photo Credit: Pamela Hanson The appointment reflects IAS's long-term strategic vision for the future of digital advertising. As AI transforms how media is planned, bought, measured, and optimized

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye