CA-FORESCOUT

6.12.2023 07:02:34 CET | Business Wire | Press release

Critical Infrastructure Still at High Risk: Forescout Research Spotlights 21 New Vulnerabilities

Forescout, a global cybersecurity leader, today released “SIERRA:21 – Living on the Edge,” an analysis of 21 newly discovered vulnerabilities within OT/IoT routers and open-source software components. The report — produced by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in critical infrastructure — emphasizes the continued risk to critical infrastructure and sheds light on possible mitigations.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231205915662/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Sierra:21 Infographic (Source: Forescout)

“SIERRA:21 – Living on the Edge” features research into Sierra Wireless AirLink cellular routers and some of its open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular — an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for a variety of applications. For example, Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video, in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity and to manage electric vehicle charging stations. The 21 new vulnerabilities have the potential to stop vital communications that could impact everyday life.

Read the blog: Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers

Forescout Research further finds:

The attack surface is expansive with 86,000 vulnerable routers still exposed online. Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
Regions with the highest number of exposed devices includes:
- 68,605 devices in The United States
- 5,580 devices in Canada
- 3,853 devices in Australia
- 2,329 devices in France
- 1,001 devices in Thailand
Among the 21 vulnerabilities, one has critical severity (CVSS score 9.6), nine have high severity and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
Patching can’t fix everything. 90 percent of devices exposing a specific management interface have reached end of life, meaning they cannot be further patched.
It’s an uphill battle to secure supply chain components. Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.

“We are raising the alarm today because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention,” advises Elisa Constante, VP of Research, Forescout Research – Vedere Labs. “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”

Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities. TinyXML is an abandoned open source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.

For more information, download the full report, “SIERRA:21 – Living on the Edge,” now at https://www.forescout.com/resources/sierra21-vulnerabilities.

Additional Resources:

View the on-demand webinar: https://www.brighttalk.com/central/account/616385/channel/13809/video/602171
Read more insight from Forescout Research: Hacktivists attack U.S. water treatment plant – analysis and implications

About Forescout

Forescout Technologies, Inc., a global cybersecurity leader, continuously identifies, protects and helps ensure the compliance of all managed and unmanaged connected cyber assets – IT, IoT, IoMT and OT. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide vendor-agnostic, automated cybersecurity at scale. The Forescout® Platform delivers comprehensive capabilities for network security, risk and exposure management, and extended detection and response. With seamless context sharing and workflow orchestration via ecosystem partners, it enables customers to more effectively manage cyber risk and mitigate threats.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20231205915662/en/

About Business Wire

Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

New Survey of Nearly 4,300 C-suite Leaders Reveals Intensifying Demand for Faster Innovation, Higher ROI and Stronger Business Resilience16.12.2025 15:00:00 CET | Press release

Executives face growing pressure to deliver AI-driven transformation while navigating rising costs, increasing risk and shortages in skilled IT talent Rimini Street, Inc. (Nasdaq: RMNI), a global provider of end-to-end enterprise software support, managed services and Agentic AI ERP innovation solutions, and the leading third-party support provider for Oracle, SAP and VMware software, today announced the findings of its new global survey, “C-suite Imperatives: Accelerating Innovation in a Shifting Landscape.” The research was conducted in partnership with Censuswide surveying nearly 4,300 CFOs, CIOs, CEOs and CISOs across the globe, examining the pressures influencing executive-level technology decisions and the priorities shaping their investment strategies. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251216456670/en/ New Survey of Nearly 4,300 C-suite Leaders Reveals Intensifying Demand for Faster Innovation, Higher ROI

Enersense Selects Sitetracker as the Platform of Choice for 5G and Fiber Expansion Initiatives16.12.2025 15:00:00 CET | Press release

Sitetracker, the global leader in complete Asset Lifecycle Management, announced that Enersense, a leading lifecycle partner for customers operating in energy transmission and production, industrial energy transition and telecommunications services across Finland and the Baltics, has selected Sitetracker to digitize and scale its operations. The implementation enabled Enersense to replace legacy systems, standardize workflows, and support their ability to deliver services with short lead times and high process precision. The first phase of implementation is already supporting Finland’s 5G and rapidly expanding fiber-to-the-home (FTTH) initiatives. Before Sitetracker, Enersense relied on spreadsheets and email to manage project execution, resulting in limited visibility into project milestones, asset tracking, and field performance. As 5G and FTTH deployment accelerated, these manual processes created operational bottlenecks, slowed invoicing, and hindered communication with customers a

Sutherland and ComplyAdvantage Launch AI-Native "Unified FinCrime Compliance" Solution to Combat Sophisticated, Next Generation Financial Crime16.12.2025 15:00:00 CET | Press release

New partnership merges Sutherland’s AI-native FinCrime expertise with ComplyAdvantage’s Mesh Risk Intelligence to deliver an integrated, modular AI-powered ecosystem for Fraud, AML, Risk and Transaction Monitoring. Sutherland, a global leader in business and digital transformation, today announced a strategic partnership with ComplyAdvantage, a leading AI-driven risk intelligence platform. The collaboration introduces a comprehensive, AI-driven financial crime (FinCrime) management solution designed to help banks and Fintechs respond to the rapid rise of AI-designed fraud, complex AML risks, fast-evolving financial crime threats, and complex compliance requirements. Today, financial crime requires sophisticated, AI-intelligence-based solutions, as traditional risk and compliance controls cannot keep up. The Sutherland-ComplyAdvantage solution transforms FinCrime management by delivering a single AI-native intelligence layer that continuously enhances screening, transaction monitoring,

Mastering Complexity & Increasing Efficiency: CES 2026: dSPACE Demonstrates Test and AI Solutions for SDV Development16.12.2025 14:02:00 CET | Press release

At CES 2026, dSPACE will showcase end-to-end test solutions that enable vehicle manufacturers to efficiently master the increasing complexity in the development of software-defined vehicles. At booth 4500 in West Hall, dSPACE will present a comprehensive validation portfolio with AI-supported software-in-the-loop and hardware-in-the-loop solutions for accelerated vehicle development. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251216117958/en/ At CES 2026, dSPACE will present a comprehensive validation portfolio with AI-supported software-in-the-loop and hardware-in-the-loop solutions for accelerated SDV development. AI is a strategic enabler throughout the entire development and test process. dSPACE has been exploring how the latest developments in generative and agentic AI technologies can support software-in-the-loop (SIL) testing and enable CI/CD pipelines for automated validation. In an exhibit, dSPACE will demonstra

PPG achieves REDCert² sustainable raw material certification at two key European sites16.12.2025 14:01:00 CET | Press release

PPG (NYSE: PPG) today announced that its Architectural Coatings manufacturing sites in Amsterdam, the Netherlands and Søborg, Denmark have received REDCert² certification, which verifies the use of sustainable raw materials through a certified chain of custody. REDCert² uses the mass balance approach, a recognized method for attributing the sustainability value of certified inputs. This ensures that PPG’s products reflect responsible sourcing throughout the manufacturing process and reinforces the company’s commitment to delivering high-performing, sustainably advantaged solutions to customers across Europe. “This certification supports our broader goal of integrating sustainability and productivity into our operations and our commitment to transparent manufacturing,” said Mats Hagerstrom, PPG head of sustainability, EMEA, Architectural Coatings. “It helps us deliver products that meet high performance standards while supporting our customers’ environmental objectives.” The certified s

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom