CA-FORESCOUT
6.12.2023 07:02:34 CET | Business Wire | Press release
Forescout, a global cybersecurity leader, today released “SIERRA:21 – Living on the Edge,” an analysis of 21 newly discovered vulnerabilities within OT/IoT routers and open-source software components. The report — produced by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in critical infrastructure — emphasizes the continued risk to critical infrastructure and sheds light on possible mitigations.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231205915662/en/
Sierra:21 Infographic (Source: Forescout)
“SIERRA:21 – Living on the Edge” features research into Sierra Wireless AirLink cellular routers and some of its open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular — an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for a variety of applications. For example, Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video, in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity and to manage electric vehicle charging stations. The 21 new vulnerabilities have the potential to stop vital communications that could impact everyday life.
Read the blog: Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers
Forescout Research further finds:
- The attack surface is expansive with 86,000 vulnerable routers still exposed online. Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
-
Regions with the highest number of exposed devices includes:
- 68,605 devices in The United States
- 5,580 devices in Canada
- 3,853 devices in Australia
- 2,329 devices in France
- 1,001 devices in Thailand
- Among the 21 vulnerabilities, one has critical severity (CVSS score 9.6), nine have high severity and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
- Patching can’t fix everything. 90 percent of devices exposing a specific management interface have reached end of life, meaning they cannot be further patched.
- It’s an uphill battle to secure supply chain components. Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.
“We are raising the alarm today because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention,” advises Elisa Constante, VP of Research, Forescout Research – Vedere Labs. “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”
Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities. TinyXML is an abandoned open source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.
For more information, download the full report, “SIERRA:21 – Living on the Edge,” now at https://www.forescout.com/resources/sierra21-vulnerabilities.
Additional Resources:
- View the on-demand webinar: https://www.brighttalk.com/central/account/616385/channel/13809/video/602171
- Read more insight from Forescout Research: Hacktivists attack U.S. water treatment plant – analysis and implications
About Forescout
Forescout Technologies, Inc., a global cybersecurity leader, continuously identifies, protects and helps ensure the compliance of all managed and unmanaged connected cyber assets – IT, IoT, IoMT and OT. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide vendor-agnostic, automated cybersecurity at scale. The Forescout® Platform delivers comprehensive capabilities for network security, risk and exposure management, and extended detection and response. With seamless context sharing and workflow orchestration via ecosystem partners, it enables customers to more effectively manage cyber risk and mitigate threats.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20231205915662/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Nordic Firms Seek Green, Sovereign AI Infrastructure14.7.2026 11:00:00 CEST | Press release
Renewable power, heat reuse and local data requirements are reshaping private and hybrid cloud choices, ISG Provider Lens® report says Nordic enterprises are adopting private and hybrid cloud infrastructure that combines AI-ready capacity, local residency and low-carbon operations as high-performance workloads and geopolitical risk reshape IT strategies, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm. The 2026 ISG Provider Lens® Private/Hybrid Cloud — Data Center Services report for the Nordics finds that the region is evolving from a hosting destination into a backbone for European data processing. Enterprises are using the Nordics’ renewable energy and natural cooling to support cloud strategies that balance large scale with environmental consciousness and compliance with data sovereignty regulations. “Nordic enterprises are connecting infrastructure decisions to resilien
European Commission Approves Erbitux® (cetuximab) in Combination with Encorafenib and FOLFOX for First-Line Treatment of Metastatic Colorectal Cancer with BRAF V600E Mutation14.7.2026 11:00:00 CEST | Press release
ERBITUX in combination with encorafenib and FOLFOX is the first and only approved targeted regimen for the first-line treatment of adult patients with BRAF V600E-mutant mCRCThe approval is based on the pivotal Phase 3 BREAKWATER trial, which demonstrated statistically significant and clinically meaningful improvements in both progression-free survival (PFS) and overall survival (OS) compared to standard chemotherapy with or without bevacizumabERBITUX confirms its status as the pioneering anti-EGFR therapy in mCRC, now approved across different patient populations and multiple lines of therapyNot intended for Canada-, UK- or US-based media Merck, a leading global science and technology company, today announced that the European Commission (EC) approved an update to the Erbitux (cetuximab) EU label on June 26, 2026. Erbitux is now indicated in combination with encorafenib for patients with BRAF V600E-mutant metastatic colorectal cancer (mCRC) — both in first-line treatment in combination
Swiss Pension Funds Increase Commitments to Record Infrastructure Equity Fund to EUR 1.23 Billion14.7.2026 09:58:00 CEST | Press release
Record Asset Management GmbH (RAM), subsidiary of London-listed Record plc (Record Financial Group), today announced that its Infrastructure Equity fund has attracted EUR 160 million of additional capital from Swiss pension funds, increasing total commitments to approximately EUR 1.23 billion. Capital deployment continues to progress in line with expectations, with more than one-third of the fund’s initial capital now deployed or committed to investments. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260713541233/en/ RAM manages a dedicated infrastructure co-investment vehicle in partnership with APG, the pension asset manager of ABP, providing Swiss pension funds with access to large-scale infrastructure equity investments alongside APG’s pension fund partners. RAM is the European asset management arm of Record Financial Group, the London-listed specialist investment group managing USD 115 billion of assets on behalf of in
Samsung Becomes a Sisvel Wi-Fi Multimode Pool Licensee and Licensor14.7.2026 09:09:00 CEST | Press release
Samsung Electronics has signed up as a licensee of the Sisvel Wi-Fi Multimode pool and has also become a licensor under the programme. The decision by the South Korean company - a global R&D powerhouse and among the world’s top smartphone vendors, as well as a leader in many other electronic product categories - not only confirms the Sisvel Wi-Fi Multimode pool as a recognised solution provider for parties seeking to derisk Wi-Fi implementation but also considerably expands the scope of the programme’s patent offering. Since it was publicly launched in January 2026, ASUS, Hewlett Packard Enterprise, Microsoft and Sony Group Corporation have become licensees of the Sisvel Wi-Fi Multimode pool. There are also five licensor/licensee companies: Huawei, Panasonic, Philips, Samsung Electronics and ZTE. The other licensors are KPN, Mitsubishi Electric, Orange, Aegis 11 SA, SK Telecom and Wilus. The agreement announced today ends litigation in the Eastern District of Texas between Samsung Elec
Wolters Kluwer Integrates Legal Intelligence Platform With Libra Legal AI Workspace in the Netherlands14.7.2026 09:00:00 CEST | Press release
Dutch legal professionals gain access to additional content sources in the Libra by Wolters Kluwer AI workspace, powering a new generation of AI-driven legal work Wolters Kluwer Legal & Regulatory today announced the integration of its Legal Intelligence multi-content-provider platform with the Libra by Wolters Kluwer AI workspace in the Netherlands. Dutch legal professionals will now be able to access more than 5000 additional pieces of expert legal content from Wolters Kluwer and third-party content providers as well as public sources in addition to the existing content offerings in Libra. “By bringing Legal Intelligence into Libra, we move beyond traditional search to truly integrated, AI-driven workflows,” said Rimco Spanjer, Vice President & Managing Director, Wolters Kluwer Legal & Regulatory Benelux. “Combining our authoritative content with trusted third-party sources in one AI workspace enables legal professionals to work smarter every day.” The integration will include truste
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
