![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/03\/sundown-report-thumbnail.webp\")
<\/p>\nForescout Vedere Labs presents its findings about the riskiest devices in enterprise network for 2023, including seven device types that are new to the list this year: VPN gateways and security appliances in IT; NAS and OOBM in IoT; engineering workstations and RTUs in OT; and blood glucose monitors in IoMT.<\/p>\n
\u00a0<\/p>\n
Watch Latest Research Webinar Read Disclosure<\/p>\n
\u00a0<\/p>\n
<\/p>\n
Mar. 27, 2025<\/strong> Oct. 2, 2024<\/strong> The speed of accurate security vulnerability information matters. Vulnerabilities are being discovered and weaponized in the wild faster than ever before. Unfortunately, authoritative naming catalogs can\u2019t keep up. Our latest research analyzes the landscape of exploited vulnerabilities \u2014 and reinforces the need for more sources of threat intelligence.<\/p>\n Forescout\u2019s Vedere Labs has identified 21 new vulnerabilities that affect OT\/IoT routers and increase the risk exposure to critical infrastructure. The affected products are prevalent in multiple industries, particularly healthcare and manufacturing, but also technology, financial services, government, and power generation. The research details specific attack scenarios as well as potential mitigation techniques.<\/p>\n Forescout Vedere Labs has discovered a set of 61 vulnerabilities affecting devices from 13 operational technology (OT) vendors caused by insecure-by-design practices in OT. The affected products are known to be prevalent in industries such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining, and building automation.<\/p>\n Learn More<\/a><\/p>\n This report discusses an often-overlooked aspect of Border Gateway Protocol (BGP) security: vulnerabilities in its software implementations. More specifically, vulnerabilities in BGP message parsing that could be exploited by attackers to achieve a denial of service (DoS) condition on vulnerable BGP peers.<\/p>\n Forescout\u2019s Vedere Labs presents the first systematic study into deep lateral movement: how advanced adversaries can move laterally among devices at the controller level of OT networks. This tactic allows advanced threat actors to gain deep access to industrial control systems and cross often overlooked security perimeters to perform granular, stealthy manipulations to override functional and safety limitations of controllers.<\/p>\n Forescout\u2019s Vedere Labs has discovered a total of 59 vulnerabilities affecting devices from 12 operational technology (OT) vendors caused by insecure-by-design practices in OT. The affected products are known to be prevalent in industries such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining, and building automation.<\/p>\n Forescout\u2019s Vedere Labs and CyberMDX discovered seven supply chain vulnerabilities<\/a>, including three that are rated critical by CISA, impacting medical and IoT devices that present an immediate risk to healthcare organizations, as well as the financial services and manufacturing sector.<\/p>\n Vedere Labs, with support from Medigate Labs, have discovered a set of 13 new vulnerabilities<\/a> affecting the Nucleus TCP\/IP stack, which we are collectively calling NUCLEUS:13. These vulnerabilities allow for remote code execution, denial of service, and information leak. Nucleus has been in use for nearly 30 years in safety-critical devices, such as anesthesia machines, patient monitors, and others in healthcare.<\/p>\n Vedere Labs and JFrog Security Research discover 14 new vulnerabilities<\/a> affecting closed source TCP\/IP stack NicheStack, allowing for Denial of Service or Remote Code Execution primarily affecting operational technology (OT) and industrial control system (ICS) devices.<\/p>\n Vedere Labs, partnering with JSOF Research, disclosed NAME:WRECK<\/a>, a set of nine Domain Name System (DNS) vulnerabilities that impact four TCP\/IP stacks and affect 100+ million IoT devices with the potential to cause either Denial of Service (DoS) or Remote Code Execution, allowing attackers to take targeted devices offline or to gain control over them. Read the report to learn how to protect enterprise IT, IoT and OT devices.<\/p>\n In the second study of Project Memoria, Vedere Labs discovers NUMBER:JACK, a set of vulnerabilities related to ISN generation that can be used to hijack or spoof TCP connections.<\/p>\n Vedere Labs discovered 33 new memory-corruption vulnerabilities<\/a> that impact open source TCP\/IP stacks \u2013 four scoring as critical. The report details how enterprises can identify these risks and take protective action to avoid breaches.<\/p>\n Analysis of healthcare delivery organizations reveals insights into increased attack surfaces and security risks.<\/p>\n This research paper dives into the Internet of Things (IoT) revolution, the risks and challenges it brings and how to transform your cybersecurity strategy to protect your enterprise network in the age of IoT.<\/p>\n The Forescout OT Research Team offers an analysis of its vulnerability and malware research for devices commonly used in building automation system (BAS) networks.<\/p>\n covers two vulnerabilities discovered by Vedere Labs (formerly CyberMDX) and published by Dell on the 21st of December 2020 as CVE-2020-29491 and CVE-2020-29492. The vulnerabilities affect Dell Wyse Thin client devices and once exploited allow attackers to, among other things, remotely run malicious code and access arbitrary files on affected devices.<\/p>\n MDhex-Ray is a vulnerability discovered by Vedere Labs (formerly CyberMDX) and published by CISA on the 8th of December 2020 as CVE-2020-25179. MDhex-Ray affects a long list of CT, X-Ray, and MRI imaging systems manufactured by GE Healthcare. Successfully exploiting the vulnerability may expose sensitive data \u2013 such as PHI \u2013 or could allow the attacker to run arbitrary code, which might impact the availability of the system and allow manipulation of PHI.<\/p>\n Vedere Labs Team (formerly CyberMDX) Assisted JSOF Research Team In Disclosing 19 Vulnerabilities Found In the Treck Network Stack.<\/p>\n Affecting a range of CARESCAPE patient monitoring devices manufactured by GE Healthcare, the bundle of vulnerabilities collectively disclosed in CISA Advisory ICSMA-20-023-01, first came to the attention of CyberMDX, a Forescout Company security researchers through an investigation into the CIC Pro device.<\/p>\n Vedere Labs\u2019 (formerly CyberMDX) research team discovered a vulnerability related to the GE Aestiva and GE Aespire devices (models 7100 and 7900). If an attacker gains access to a hospital\u2019s network and if the GE Aestiva or GE Aespire devices are connected via terminal servers, the attacker can force the device(s) to revert to an earlier, less secure version of the communication protocol and remotely modify parameters without authorization. When deployed using terminal servers, these manipulations can also be performed without any prior knowledge of IP addresses or location of the anesthesia machine.<\/p>\n A previously undocumented vulnerability in the device, noting that the AlarisTM Gateway workstation supports a firmware upgrade that can be executed without any predicate authentication or permissions. Conducting a counterfeit version of this upgrade can allow bad actors a route to \u201cauthenticate\u201d malicious content.<\/p>\n a previously undocumented vulnerability in the device, noting that the web management system doesn\u2019t require credentials and doesn\u2019t allow for password protection. As a result, anyone knowing the IP address of a targeted workstation can: monitor pump statuses, access event logs, and user guide; change the gateway\u2019s network configuration; restart the gateway (after changing the configuration you are permitted to restart).<\/p>\n Vedere Labs (formerly CyberMDX) discovered a previously undocumented vulnerability in the device, noting that when the syringe is connected to a network, it is left exposed to remote control from anyone on that network, requiring no authentication. The remote control allows starting\/stopping of the pump, changing its rate, silencing alarms, and more.<\/p>\n
\nGround-breaking research discovers new vulnerabilities that make dangerous attacks on the power grid and smart-home devices possible. Three solar power vendors \u2013 Sungrow, SMA, and Growatt \u2013 have nearly 50 flaws, collectively, that could lead to grid disruption and potential blackouts.\n\n\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/10\/Dray-Break-draytek-report_THM.jpg\")
<\/p>\nDray:Break – Breaking into DrayTrek Routers Before Threat Actors Do It Again<\/h3>\n
\nIn 2024, routers are a primary target for cybercriminals and state-sponsored attackers \u2013 and are the riskiest device category on networks. With this knowledge, we investigated one hardware vendor, DrayTek, with a history of security flaws to help it address its issues and prevent new attacks \u2014 especially when the risk of ransomware attacks are so high today. Learn what makes them vulnerable, the threat impact \u2013 and how to mitigate today.\n\n\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/05\/FS-2024-VL-KEV-Exploited-Report-Thumb-v1-440x554-1.png\")
<\/p>\nExposing the Exploited: A quantitative analysis of vulnerabilities under the radar<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2023\/12\/big-FS-2023-VL-Sierra-21-Thumb-v1-440x554-1.png\")
<\/p>\nSierra:21 – Attack Surface Expansion in OT\/IoT Routers<\/h3>\n
\n
![\"OT](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2023\/07\/MicrosoftTeams-image-29.png\")
<\/p>\nOT:ICEFALL Conclusion Report<\/h3>\n
\n
![\"BGP](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2023\/04\/FS-2023-BGP-Report-Thumb-v1-440x554-1.png\")
<\/p>\nAnalyzing the Security of BGP Message Parsing<\/h3>\n
\n
![\"Deep](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2023\/04\/deep-lateral-movement-THM.png\")
<\/p>\nDeep Lateral Movement in OT Networks<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2023\/02\/icefall-cover.jpg\")
<\/p>\nOT:ICEFALL – A Decade of Insecure-by-Design Practices in OT<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/03\/Screen-Shot-2022-03-07-at-3.21.05-PM.png\")
<\/p>\nAccess:7 – How Supply Chain Vulnerabilities Can Allow Unwelcomed Access to Medical and IoT Devices<\/h3>\n
\n
![\"Dissecting](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/03\/Screen-Shot-2022-03-07-at-3.18.01-PM.png\")
<\/p>\nNUCLEUS:13 – Dissecting the Nucleus TCP\/IP Stack<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/INFRA-HALT-report-cover.png\")
<\/p>\nINFRA:HALT – Jointly discovering and mitigating large-scale OT vulnerabilities<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/support-options.png\")
<\/p>\nNAME:WRECK \u2013 9 DNS Vulnerabilities<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/numberjack-thumbnail.jpg\")
<\/p>\nNUMBER:JACK \u2013 Weak ISN Generation in Embedded TCP\/IP Stacks<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/anmesia33-thumbnail.jpg\")
<\/p>\nAMNESIA:33 \u2013 33 Memory-Corruption Vulnerabilities <\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/healtcare-report-cover.jpg\")
<\/p>\nNew Research Identifies Security Risks in Healthcare<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/Screen-Shot-2021-06-30-at-5.20.33-PM.png\")
<\/p>\nRise of the Machines \u2013 Transforming Cybersecurity Strategy for the Age of IoT<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/BAS-Research-Report-Cover.png\")
<\/p>\nBAS Research Report: The Current State of Smart Building Cybersecurity<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/06\/technation-torpedovulnerable-pc-fs-branding.png\")
<\/p>\nDell Wyse Thin Client Vulnerability<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/06\/technation-torpedovulnerable-mri-fs-branding.png\")
<\/p>\nGE Radiology Vulnerability<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/06\/technation-torpedovulnerable-networking-fs-branding.png\")
<\/p>\nRipple20 Vulnerability<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/06\/technation-torpedovulnerable-monitor-fs-branding.png\")
<\/p>\nMDhex Vulnerability<\/h3>\n
\n
<\/p>\nGE Anesthesia and Respiratory Device Vulnerability<\/h3>\n
\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/06\/technation-torpedovulnerable-pump-fs-branding.png\")
<\/p>\nBD Alaris AGW Firmware Vulnerability<\/h3>\n
\n
<\/p>\nBD Alaris AGW Web Management Vulnerability<\/h3>\n
\n
<\/p>\nBD Alaris TIVA Syringe Pump Vulnerability<\/h3>\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/ornament-dots.svg\")
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/support-options-icon.png\"){kind=icon}
<\/p>\n","protected":false},"excerpt":{"rendered":"