New wireless IIoT device vulnerabilities pose risk to critical infrastructure

Critical infrastructure organizations could be at risk of compromise from the potential exploitation of 38 security vulnerabilities discovered in four different wireless industrial internet of things devices including ETIC Telecom's Remote Access Server, InHand Networks InRouter 302 and InRouter 615, and Sierra Wireless Airlink Router, according to The Hacker News. Attackers could leverage the flaws to evade security protections and obtain initial internal OT network access, a report from Otorio revealed. Thousands of internal OT networks could be compromised by chaining some of the identified security bugs, said Otorio security researcher Roni Gavrilov. Organizations were urged to conceal the names of the Wi-Fi networks, deactivate insecure encryption schemes and cloud management services that are no longer in service, and ensure limited authorized accessibility to their devices. "The low complexity of exploit, combined with the broad potential impact, makes wireless IIoT devices and their cloud-based management platforms an enticing target for attackers looking to breach industrial environments," said Otorio.