The lion's share of OT and IoT devices in use in enterprises are still vulnerable to URGENT/11 and CDPwn.
According to Armis specialists, 97% of all OT equipment in use today contains unpatched URGENT/11 vulnerabilities, although the fixes were released back in 2019. 80% of the hardware is still vulnerable to CDPwn.
URGENT/11 is the generic name for 11 different vulnerabilities affecting any connected device using the Wind River VxWorks real-time operating system, which includes the IPnet stack. Currently, VxWorks is embedded in more than 2 billion devices used in industrial plants, manufacturing facilities, medical facilities, and more.
Vulnerable devices, including Schneider Electric and Rockwell Automation programmable logic controllers, are typically used in manufacturing to perform various critical tasks, for example, to monitor and control physical devices responsible for the operation of various mechanisms (motors, valves, pumps, etc.).
CDPwn is a set of five vulnerabilities in Cisco Discovery Protocol (CDP), a data exchange protocol for mapping all Cisco equipment on a network (routers, IP phones and cameras, switches, etc.). By exploiting them, an attacker with access to the targeted network can bypass network segmentation and remotely take control of devices.
A critical environment where no patches for the aforementioned vulnerabilities have been installed is open to cyber attacks, and hackers take advantage of this. For example, the vulnerability in CDP (CVE-2020-3118) was included in the list of 25 vulnerabilities actively exploited by Chinese cybercriminals, which the US National Security Agency presented in October this year.