Cybersecurity company Forescout has released a report titled SIERRA:21 – Living on the Edge, an analysis of 21 newly discovered vulnerabilities within OT/IoT routers and open-source software components. Produced by Forescout Research – Vedere Labs, the report emphasises the continued risk to critical infrastructure and sheds light on possible mitigations.
The report features research into Sierra Wireless AirLink cellular routers and some of their open-source components, such as TinyXML and OpenDNS. Among the 21 discovered vulnerabilities, one has critical severity (CVSS score 9.6), nine have high severity and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
An open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless routers for a variety of applications, such as for police vehicles connecting to a central network management system or to stream surveillance video; in manufacturing plants for industrial asset monitoring; in healthcare facilities providing temporary connectivity; and to manage electric vehicle charging stations. The new vulnerabilities thus have the potential to stop vital communications that could impact everyday life.
The research found that the attack surface is expansive, with 86,000 vulnerable routers still exposed online. Concerningly, researchers found that Australia is currently third in the world for the number of exposed devices (3853), behind Canada (5580) and the United States (68,605 devices).
The researchers warned that less than 10% of the exposed routers are confirmed to be patched against known vulnerabilities found since 2019, and 90% of devices exposing a specific management interface have reached end of life, meaning they cannot be further patched. The research further noted that open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organisations to track and mitigate.
“We are raising the alarm today because there remain thousands of OT/IoT devices, representing an increased attack surface that requires attention,” said Elisa Constante, VP of Research, Forescout Research – Vedere Labs.
“Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets.
“Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”
Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities. TinyXML is an abandoned open-source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.