Business Wire

CA-FORESCOUT

6.12.2023 07:02:34 CET | Business Wire | Press release

Share
Critical Infrastructure Still at High Risk: Forescout Research Spotlights 21 New Vulnerabilities

Forescout, a global cybersecurity leader, today released “SIERRA:21 – Living on the Edge,” an analysis of 21 newly discovered vulnerabilities within OT/IoT routers and open-source software components. The report — produced by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in critical infrastructure — emphasizes the continued risk to critical infrastructure and sheds light on possible mitigations.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231205915662/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Sierra:21 Infographic (Source: Forescout)

“SIERRA:21 – Living on the Edge” features research into Sierra Wireless AirLink cellular routers and some of its open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular — an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for a variety of applications. For example, Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video, in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity and to manage electric vehicle charging stations. The 21 new vulnerabilities have the potential to stop vital communications that could impact everyday life.

Read the blog: Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers

Forescout Research further finds:

  • The attack surface is expansive with 86,000 vulnerable routers still exposed online. Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
  • Regions with the highest number of exposed devices includes:
    • 68,605 devices in The United States
    • 5,580 devices in Canada
    • 3,853 devices in Australia
    • 2,329 devices in France
    • 1,001 devices in Thailand
  • Among the 21 vulnerabilities, one has critical severity (CVSS score 9.6), nine have high severity and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
  • Patching can’t fix everything. 90 percent of devices exposing a specific management interface have reached end of life, meaning they cannot be further patched.
  • It’s an uphill battle to secure supply chain components. Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.

“We are raising the alarm today because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention,” advises Elisa Constante, VP of Research, Forescout Research – Vedere Labs. “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”

Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities. TinyXML is an abandoned open source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.

For more information, download the full report, “SIERRA:21 – Living on the Edge,” now at https://www.forescout.com/resources/sierra21-vulnerabilities.

Additional Resources:

About Forescout

Forescout Technologies, Inc., a global cybersecurity leader, continuously identifies, protects and helps ensure the compliance of all managed and unmanaged connected cyber assets – IT, IoT, IoMT and OT. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide vendor-agnostic, automated cybersecurity at scale. The Forescout® Platform delivers comprehensive capabilities for network security, risk and exposure management, and extended detection and response. With seamless context sharing and workflow orchestration via ecosystem partners, it enables customers to more effectively manage cyber risk and mitigate threats.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20231205915662/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Cyclic Materials Appoints Tomasz Poznar as Chief Commercial Officer to Accelerate Global Commercial Growth16.7.2026 15:20:00 CEST | Press release

Industry leader in critical materials and battery recycling to drive Cyclic’s global commercial growth and strategic partnerships. Cyclic Materials, the rare earth recycling company building a circular supply chain for rare earth elements and critical materials, today announced the appointment of Tomasz Poznar, Ph.D., as Chief Commercial Officer. The appointment strengthens Cyclic Materials’ executive team as the company accelerates commercial expansion across North America, Europe, and Asia. Most recently, Poznar served as Chief Commercial Officer at Ascend Elements, where he led the company’s global commercial strategy, strategic partnerships, and business development. During his tenure, he helped secure more than USD $1.5 billion in commercial agreements, including a landmark USD $1 billion supply agreement with a major global automaker, while also supporting approximately USD $320 million in TCTF government funding that accelerated the company’s growth in North America and Europe.

Modon Holding and Nammos Hotels & Resorts Bring Nammos Ras El Hekma to Egypt’s North Coast16.7.2026 14:50:00 CEST | Press release

Developed in partnership with Nammos Hotels & Resorts, the landmark Mediterranean destination will bring together branded residences, a luxury resort, restaurant and beach club, retail village, and signature dining and wellness experiences to Egypt for the first time. Abu Dhabi-based Modon Holding and Nammos Hotels & Resorts have announced Nammos Ras El Hekma – the renowned lifestyle and hospitality brand’s first fully integrated destination in Egypt. Located within the Wadi Yemm precinct, the development will bring Ras El Hekma’s promise of timeless Mediterranean living to life, combining Nammos Residences, Nammos Resort, Nammos Village, and a curated selection of all-day dining and wellness experiences, including the globally renowned Nammos Restaurant & Beach Club. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260716740934/en/ Modon Holding and Nammos Hotels & Resorts bring Nammos Ras El Hekma to Egypt’s North Coast (Pho

Tridiagonal.ai (T.AI) Partners with PETRONAS Carigali’s TriCipta AI with IBM to Advance Engineering Domain-Driven AI Solutions for Upstream Operations16.7.2026 14:30:00 CEST | Press release

Tridiagonal.ai will contribute engineering domain-driven AI solutions, physics-informed models and Decision Intelligence capabilities to support upstream surface equipment optimisation, maintenance reliability and asset integrity decision workflows. Tridiagonal.ai Pvt. Ltd. (T.AI), the dedicated AI arm of Tridiagonal Group, announced its role in the third Joint Development Agreement (JDA) involving PETRONAS Carigali Sdn. Bhd. and IBM Malaysia Sdn. Bhd. to advance PETRONAS Carigali’s flagship TriCipta AI across the Upstream value chain. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260715579933/en/ Signing ceremony for the third TriCipta AI Joint Development Agreement, attended by executives from Tridiagonal.ai (T.AI), PETRONAS Carigali, and IBM Malaysia. TriCipta AI is PETRONAS Carigali’s partnership model that combines deep domain technical expertise with advanced AI technology experts to accelerate the development and dep

Crown Bioscience Joins C-Path's NAMs Developer Coalition to Advance Human-Relevant Models in Drug Development16.7.2026 14:30:00 CEST | Press release

Global CRO brings patient-derived models, organoid platforms and biomarker expertise to collaborative effort advancing regulatory acceptance of New Approach Methodologies Crown Bioscience is a global contract research organization (CRO) specializing in oncology drug discovery and development, today announced it has joined Critical Path Institute's (C-Path) New Approach Methodologies Developer Coalition (NAMs-DC), a collaborative initiative dedicated to advancing the validation, qualification and regulatory adoption of innovative human-relevant research methods. Crown Bioscience joins a growing community of technology developers, pharmaceutical companies, regulatory stakeholders and scientific experts working to accelerate the adoption of New Approach Methodologies (NAMs) across drug discovery and development. Through its participation in NAMs-DC, Crown Bioscience will contribute expertise spanning patient-derived xenograft (PDX) models, patient-derived tumor organoids, ex vivo patient

Silo Communications expands fiber connectivity in rural Illinois with Adtran16.7.2026 14:00:00 CEST | Press release

News summary: Silo Communications needed a scalable fiber access platform to bring faster, more reliable broadband to underserved communities With Adtran’s technology and intelligent software, Silo Communications is strengthening service delivery as it evolves from wireless to fiber Deployment supports wider state and federal efforts to close the digital divide and create a foundation for long-term rural growth Adtran today announced that Silo Communications, a rural broadband provider based in northern Illinois, is using its fiber access portfolio and software applications to expand high-speed connectivity for underserved homes and businesses. As demand for reliable broadband continues to grow across communities, Silo Communications is building on its wireless heritage with a scalable fiber network designed to support higher speeds, stronger service reliability and future expansion. The deployment supports wider state and federal efforts to extend high-speed connectivity to underserve

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye