Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
#1
Information 
Quote:Thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology (OT) gear and internet of things (IoT), respectively. Unfortunately, there has been a rampant lack of patching, researchers said.
 
According to researchers at Armis, a whopping 97 percent of the OT devices impacted by URGENT/11 have not been patched, despite fixes being delivered in 2019. And, 80 percent of those devices affected by CDPwn remain unpatched.
 
URGENT/11 is a collection of 11 different bugs that can affect any connected device leveraging Wind River’s VxWorks that includes an IPnet stack (CVEs from Wind River available here). VxWorks is a real-time operating system (RTOS) that third-party hardware manufacturers have embedded in more than 2 billion devices across industrial, medical and enterprise environments.
 
Affected devices, including programmable logic controllers from Schneider Electric and Rockwell Automation, are typically used in production and manufacturing environments to carry out various mission-critical tasks, such as monitoring and control of physical devices that operate various instruments (e.g motors, valves, pumps, etc.).
 
Most concerningly, URGENT/11 includes six remote code-execution (RCE) vulnerabilities that could give an attacker full control over a targeted device, via unauthenticated network packets.
 
“URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected,” said Yevgeny Dibrov, CEO and co-founder of Armis, when the bugs were discovered. “The vulnerabilities in these unmanaged and IoT devices can be leveraged to manipulate data, disrupt physical world equipment, and put people’s lives at risk.”

Read more: https://threatpost.com/unpatched-iot-ot-...re/162275/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure - by silversurfer - 15 December 20, 20:12

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
ON1 Software
ON1 Photo RAW 2025.1...jasonX — 06:29
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>