A new report titled "SIERRA: 21 Living on the Edge", released by cybersecurity company Forescout, has uncovered 21 new vulnerabilities in OT/IoT routers and open-source software components.
The report, produced by Forescout Research – Vedere Labs, describes grave risks to critical infrastructure on a global scale and sets out potential mitigation measures.
The research finds that 245,000 networks worldwide run Sierra Wireless routers for a wide range of applications and that, of these, 86,000 vulnerable routers are still openly exposed online. Australia ranks third worldwide for the number of vulnerable devices, with fewer than 10% of these routers known to be patched against vulnerabilities documented since 2019. Of the 21 vulnerabilities revealed, nine are high severity.
The newly discovered vulnerabilities could disrupt crucial communications, which could severely impact daily life. They affect popular routers and open-source components that connect critical local networks in sectors like energy, healthcare, transportation, and emergency services.
For instance, Sierra Wireless routers are widely employed for applications like police vehicle connectivity to a central network management system, surveillance video streaming, industrial asset monitoring in manufacturing plants, provisional connectivity in healthcare facilities, and management of electric vehicle charging stations.
Another key finding is that patching cannot fix every issue: 90% of the devices exposing a specific management interface have reached end of life and can no longer be patched.
In parallel, the ongoing struggle to secure supply chain components is underlined by the fact that unchecked open-source software components continue to increase the attack surface of vital devices. The result is vulnerabilities that organisations find challenging both to track and to mitigate.
The countries with the most exposed devices are the United States with 68,605, Canada with 5,580, Australia with 3,853, France with 2,329, and Thailand with 1,001. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device, and use it as an initial access point into critical networks.
"We are raising the alarm today because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention," warns Elisa Costante, VP of Research at Forescout Research – Vedere Labs.
As she poignantly puts it, "Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected."
In response, Sierra Wireless and OpenNDS have released patches for the identified vulnerabilities. TinyXML is an abandoned open-source project, so its vulnerabilities will not be fixed upstream and must instead be addressed downstream.