Rough Around the Edges

The State of OT/IoT Routers in the Software Supply Chain

Under the surface of assets connecting the internet to remote, industrial operations are a world of vulnerabilities. Picture a rural electrical substation or an offshore oil rigging site out in the ocean. The problem? Understanding the risk scale means gathering the full scope of firmware components – and the open-source software used within cellular routers. To more precisely understand the problem, Forescout partnered with SBOM experts Finite State to identify common models of a specific class of devices.

See which vendors. Know the risk. Take control and reduce the threat.


Original Firmware Research

Register to download your copy.

161

Vulnerabilities

69

High CVSS

20%

N-days

24

Critical CVSS

Rough Around the Edges Webinar

In this joint webinar with Finite State, you’ll better understand the scope of our report collaboration and the depth of vulnerabilities living within today’s routers. Gain real-world strategies for securing your routers with help from a Software Bill of Materials. With a brighter spotlight on firmware, you’ll know what you need to protect your organization from:

  • The risk of relying on outdated software components
  • The dangers of not using binary hardening
  • The confusion created by inconsistent custom patching
  • The ease of exploiting multiple devices with a single vulnerability

Component “Age” per Firmware

Average Firmware Age by Vendor

See a snapshot of the average and maximum ‘age’ of components for each firmware in months. Age refers to the time elapsed between the release date of a component and the start date of the research.

Read the full report to see all of the different levels of risk, including the number of historical vulns, number of CVEs by CVSS score by vendor, and all the details on which n-day vulns currently have exploits by vendor.

Too Many Outdated Software Components

We identified between 500 and 900 components in each firmware, and between 1,200 and 2,500 ‘findings’. Findings include known vulns, weak security posture, such as default credentials or hardcoded cryptographic material —and new vulns found via binary static analysis.

How We Conducted This Joint Research

You can’t protect what you can’t see or don’t have information on – especially in the murky waters of firmware. With Finite State’s expertise in SBOM, we were able to look closely under the hood of router firmware componentry to find known and new vulnerabilities. Forescout Research – Vedere Labs monitors and collects threat intelligence data across 19 million devices in our data lake.

Dive Into the Research

Discover practical strategies for securing OT and IoT routers, including patch management, leveraging Software Bill of Materials (SBoM) solutions, and enhancing authentication practices.

Explore the vulnerabilities identified in OT/IoT routers, such as the risks posed by outdated software components, lack of binary hardening and custom patching.

Gain invaluable software supply chain insights – and the real-world value of Software Bill of Materials from a proven technology leader in Finite State.

Improve your security posture today.

Strategic Recommendations:
How Forescout Can Help

  • Risk and exposure management: Identify, quantify and prioritize cybersecurity risk. Start by discovering and assessing every connected asset to gain real-time awareness of your attack surface.
  • Network security: Continuously monitor all connected assets to govern network access, using real-time traffic visibility to manage segmentation and dynamic control policies to mitigate and remediate risk.
  • Threat detection and response: Detect, investigate and respond to true threats and incidents using threat detection and response capabilities to collect telemetry and logs, correlate attack signals, generate high-fidelity detections and enable automated responses.
Schedule a Demo
Demo RequestForescout PlatformTop of Page