A set of 21 vulnerabilities collectively known as “Sierra:21” has been identified, impacting Sierra OT/IoT routers and posing threats to critical infrastructure.
The vulnerabilities were discovered by Forescout Vedere Labs and affect Sierra Wireless AirLink cellular routers, as well as open-source components like TinyXML and OpenNDS (open Network Demarcation Service).
Sierra AirLink routers are widely used in industrial and mission-critical applications for their high-performance 3G/4G/5G and WiFi capabilities, serving applications such as passenger WiFi in transit systems, vehicle connectivity for emergency services, and more.
In his article posted on www.bleepingcomputer.com, author Bill Toulas explains that the vulnerabilities pose risks such as remote code execution, unauthorised access, cross-site scripting, authentication bypass, and denial-of-service attacks. Notably, the flaws could potentially allow an attacker to take full control of an OT/IoT router in critical infrastructure, leading to network disruption, espionage, lateral movement to more important assets, and malware deployment.
Forescout’s researchers found over 86,000 AirLink routers exposed online in critical organisations worldwide, particularly in the United States, Canada, Australia, France, and Thailand. The majority of these systems are in the U.S.
Forescout recommends upgrading to the ALEOS (AirLink Embedded Operating System) version 4.17.0 or, at a minimum, ALEOS 4.9.9 to address all vulnerabilities. The OpenNDS project has also released security updates for the vulnerabilities affecting the open-source project.
Administrators are advised to take additional actions for enhanced protection, including changing default SSL certificates, disabling or restricting non-essential services, implementing a web application firewall, and installing an OT/IoT-aware IDS to monitor network traffic for security breaches. Forescout emphasizes that routers and network infrastructure are increasingly targeted by threat actors for persistence and espionage purposes, using devices for proxying malicious traffic or expanding botnets.
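The first of the recommended actions is checking that every AirLink router runs a fixed ALEOS release. The following inventory-triage script is an added example (not Forescout's or Sierra Wireless's code) that applies the two minimum versions named above to a constructed list of devices; it assumes that 4.9.9 is the fix for the 4.9.x maintenance branch and 4.17.0 for every other 4.x build, so anything in between is conservatively flagged as unpatched for review.

```python
from __future__ import annotations
import re

# Fixed releases named in the advisory summary above. Assumption (not stated on
# the page): 4.9.9 covers only the 4.9.x branch, 4.17.0 covers everything else,
# so a 4.10 to 4.16 build is treated as unpatched and flagged for review.
FIXED_MAINLINE = (4, 17, 0)
FIXED_49_BRANCH = (4, 9, 9)

# major.minor.patch with an optional fourth build component (ignored for comparison)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?$")


def parse_aleos_version(text: str) -> tuple[int, int, int]:
    """Turn an ALEOS version string such as '4.9.3' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ALEOS version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_patched(version: str) -> bool:
    """True if the firmware is at or above a release that addresses Sierra:21."""
    v = parse_aleos_version(version)
    if v >= FIXED_MAINLINE:
        return True
    return v[:2] == (4, 9) and v >= FIXED_49_BRANCH


def triage_inventory(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split a {hostname: version} map into patched / unpatched / unknown buckets."""
    report: dict[str, list[str]] = {"patched": [], "unpatched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "patched" if is_patched(version) else "unpatched"
        except ValueError:
            bucket = "unknown"  # unparseable string: needs manual verification
        report[bucket].append(host)
    return report


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "rtr-bus-017": "4.9.3",
    "rtr-bus-018": "4.9.9",
    "rtr-ems-002": "4.14.0",
    "rtr-ems-003": "4.17.0",
    "rtr-depot-01": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

Hosts in the "unpatched" and "unknown" buckets are the ones to schedule for the upgrade or to verify by hand.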