Researchers find vulnerabilities in products from three industrial cellular router vendors
Eleven vulnerabilities in the cloud-management platforms of three industrial cellular router vendors put operational technology (OT) networks at risk for remote code execution, even if the platform is not actively configured for cloud management, researchers have found.
The vulnerabilities are so severe that even though they affect devices from only three vendors — Sierra Wireless AirLink, Teltonika Networks RUT, and InHand Networks InRouter — they could impact thousands of industrial Internet of things (IIoT) devices and networks in a variety of sectors.
'Breaching of these devices can bypass all of the security layers in common deployments, as IIoT devices are commonly connected both to the Internet and the internal OT network,' the researchers tell Dark Reading. 'It also raises additional risk for propagation to additional sites through the built-in VPN.'
The vulnerabilities are so severe that even though they affect devices from only three vendors — Sierra Wireless AirLink, Teltonika Networks RUT, and InHand Networks InRouter — they could impact thousands of industrial Internet of things (IIoT) devices and networks in a variety of sectors.
'Breaching of these devices can bypass all of the security layers in common deployments, as IIoT devices are commonly connected both to the Internet and the internal OT network,' the researchers tell Dark Reading. 'It also raises additional risk for propagation to additional sites through the built-in VPN.'
No comments: