Hundreds of Millions of OT Devices Vulnerable Despite Available Patches
Despite the availability of patches for URGENT/11 and CDPwn, a batch of vulnerabilities affecting operational technology (OT) hardware, the vast majority of affected devices remained unpatched a year later, a study has found.
OT devices, typically used in industrial settings, are the kind of hardware that works in the background, with no real visibility to regular users. This hardware is usually essential to industrial operations, and vulnerabilities are dangerous when OT devices govern critical infrastructure.
“Armis has continued to track the exposures from the URGENT/11 and CDPwn exploit discoveries over the past 18 months,” said the company. “Based on that research, we have identified that 97% of the OT devices impacted by URGENT/11 have not been patched; and 80% of those affected by CDPwn remain unpatched.”
The vulnerabilities in URGENT/11 affect enterprise and medical devices, as well as operational technology (OT), industrial control systems (ICS) and programmable logic controllers (PLC). Security researchers managed to exploit two of the common PLCs using one of the RCE (remote code execution) vulnerabilities.
Meanwhile, the batch of CDPwn vulnerabilities affects switches, routers, VoIP phones and IP cameras, usually in industrial settings.
“We were able to develop an exploit that defeats built-in mitigations that are used by the vulnerable Cisco devices (such as ASLR, address space layout randomization) and demonstrate that it is possible to take control over all VoIP phones on a given local network segment simultaneously, using maliciously crafted Ethernet broadcast packets,” the security researchers explain.
Overall, hundreds of millions of devices are exposed to attacks that could be prevented by installing patches. Armis’ report only serves as a renewed warning to organizations worldwide to install the patches and protect sensitive infrastructure.