Forescout's 'SIERRA:21 - Living on the Edge' Analysis of New Vulnerabilities within OT and IoT


Forescout has been described as one of the global leaders in cybersecurity. With solutions focused on network security, risk and exposure management, and threat detection and response, Forescout tackles real-world use cases involving network access and control, network segmentation, asset inventory, ZTNA, OT and IoT security (i.e. we’ll be touching on that one more in this story, in particular), and cases necessitating stronger medical device security, automation, device compliance and SIEM modernization. These things impact financial services, healthcare, energy and utilities, and education (to name a few).

“See it. Secure it. Identify, protect and ensure the compliance of every cyber asset, continuously.” That’s a big M.O. for Forescout, especially when applied to IT, OT, IoT and beyond, but here we are.

In that vein, we have a new report produced by Forescout Research’s Vedere Labs – “SIERRA:21 – Living on the Edge” – which has uncovered almost two dozen new vulnerabilities in critical infrastructure, emphasizing the need for intelligent risk mitigation going into the new year.

Specifically, 21 new vulnerabilities have been identified. (Vulnerabilities that affect OT and IoT routers, increasing risk exposure.) Notably, the products affected are currently prevalent in multiple IoT-involved industries like healthcare/IoMT and manufacturing, fintech, power generation, government, and elsewhere.

The long-story-short of it: This report has exposed more than 86,000 devices across critical sectors.

Additional context: “SIERRA:21 – Living on the Edge” features research into Sierra Wireless AirLink cellular routers and some of its open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular; an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for a variety of applications. For example, Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video, in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity and to manage electric vehicle (EV) charging stations. That said, the 21 new vulnerabilities have the potential to stop vital communications that could have noticeable effect on everyday life.

Forescout Research also discovered that:

  • The attack surface is expansive, with those aforementioned 86,000 vulnerable routers still exposed online. Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.

  • Regions with the highest number of exposed devices includes:
    • 68,605 devices in the U.S.
    • 5,580 devices in Canada
    • 3,853 devices in Australia
    • 2,329 devices in France
    • 1,001 devices in Thailand

  • Among the 21 vulnerabilities, one has critical severity (i.e. a CVSS score 9.6), nine have high severity, and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
  • “Patching can’t fix everything.” Ninety percent of devices exposing a specific management interface have reached “end-of-life” status, meaning they cannot be further patched.
  • It’s an uphill battle to secure supply chain components. Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.

“We are raising the alarm because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention,” advised Elisa Constante, VP at Forescout Research – Vedere Labs. “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”

To learn more from the “SIERRA:21 – Living on the Edge” report, read here.

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Related Articles

IoT Designs that Resolve Customer Challenges: A Chat with Kenta Yasukawa, CTO of Soracom

By: Alex Passett    2/21/2024

Before IoT Evolution Expo 2024 (part of the ITEXPO #TECHSUPERSHOW experience) took place last week in Fort Lauderdale, Florida, we sat down with Sorac…

Read More

'Technology Changes, But We Must Keep Up:' A Conversation with Somos at IoT Evolution Expo 2024

By: Alex Passett    2/20/2024

At this year's IoT Evolution Expo in Fort Lauderdale, Florida, Somos SVP and CTO Sri Ramachandran held a keynote presentation focused on security for …

Read More

Sustainable Technologies through Action, Powered by IoT: Vodafone Speaks at IoT Evolution Expo 2024

By: Alex Passett    2/14/2024

At IoT Evolution Expo 2024 (part of the #TECHSUPERSHOW experience), Erik Kling - Vodafone's President & Head of Sales, IoT Americas - took to the stag…

Read More

'The Power of Meaningful Wireless' on Display at IoT Evolution Expo 2024

By: Alex Passett    2/14/2024

At IoT Evolution Expo 2024 here in sunny Fort Lauderdale, we sat down and watched GetWireless' CMO Terra Bastolich take to the stage in the Floridian …

Read More