Continued vigilance urged amid declining new xIoT flaws

Increased government pressure and the emergence of software bill of materials have prompted a reduction in published vulnerabilities in extended Internet of Things devices since 2021 even as the flaws have been increasingly self-reported by device manufacturers rather than independent researchers, SecurityWeek reports. Vulnerabilities impacting XIoT devices totaled 688 during the second half of 2022, representing a steady decline since the last six months of 2021, according to a report from Claroty's Team 82. Operational technology devices were impacted by 74% of the reported flaws, while 487 bugs have been found to be of critical or high severity. Despite the declining number of vulnerabilities, ensuring device security remains a challenge, particularly for legacy OT devices which could only mostly be remediated through mitigations. Adopting device segmentation and secure remote access are crucial in protecting systems from potential exploitation, said the report. "Other significant mitigation strategies published along with OT vulnerabilities were traffic restriction, user and role policy implementation, and workstation hardening," the report added.