38 security weaknesses have been found in wireless Industrial Internet of Things (IIoT) devices from four different vendors, presenting a significant attack surface for cybercriminals targeting operational technology (OT) environments. The vulnerabilities offer remote entry points for attacks, enabling unauthenticated actors to gain a foothold and spread to other systems, potentially causing significant damage. Some of the weaknesses can even be used to directly access thousands of internal OT networks over the internet. Of the 38 flaws, 3 affect ETIC Telecom’s Remote Access Server and 5 affect InHand Networks’ InRouter 302 and InRouter 615. The findings highlight the risk of making IIoT devices directly accessible on the internet and creating a “single point of failure” that can bypass all security protections. Countermeasures include disabling insecure encryption schemes, hiding Wi-Fi network names, and preventing devices from being publicly accessible.
https://thehackernews.com/2023/02/critical-infrastructure-at-risk-from.html
