{"id":89127,"date":"2024-07-30T13:49:26","date_gmt":"2024-07-30T20:49:26","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/research-labs\/riskiest-devices-copy\/"},"modified":"2024-08-16T13:41:48","modified_gmt":"2024-08-16T20:41:48","slug":"ot-iot-routers-in-the-software-supply-chain","status":"publish","type":"page","link":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/","title":{"rendered":"Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain"},"content":{"rendered":"\n<h1>Rough Around the Edges<\/h1>\n<h2>The State of OT\/IoT Routers in the Software Supply Chain<\/h2>\n<p>Under the surface of assets connecting the internet to remote, industrial operations are a world of vulnerabilities. Picture a rural electrical substation or an offshore oil rigging site out in the ocean. The problem? Understanding the risk scale means gathering the full scope of firmware components \u2013 and the open-source software used within cellular routers. To more precisely understand the problem, Forescout partnered with SBOM experts Finite State to identify common models of a specific class of devices.<\/p>\n<p>See which vendors. Know the risk. Take control and reduce the threat.<\/p>\n\n<h5>Original Firmware Research<\/h5>\n\n<p>Register to download your copy.<\/p>\n<p>Notice of Collection<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/icon_Bug.png\" class=\"c-stats__img\" style=\"width:100px;height:auto\" loading=\"lazy\"><\/p>\n<h3 class=\"c-stats__numbers\">\n161<\/h3>\n<p class=\"c-stats__text\">Vulnerabilities<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/icon_Age.png\" class=\"c-stats__img\" style=\"width:100px;height:auto\" loading=\"lazy\"><\/p>\n<h3 class=\"c-stats__numbers\">\n69<\/h3>\n<p class=\"c-stats__text\">High CVSS<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/icon_Vulnerability.png\" class=\"c-stats__img\" style=\"width:100px;height:auto\" loading=\"lazy\"><\/p>\n<h3 class=\"c-stats__numbers\">\n20%<\/h3>\n<p class=\"c-stats__text\">N-days<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/icon_bug-1.png\" class=\"c-stats__img\" style=\"width:100px;height:auto\" loading=\"lazy\"><\/p>\n<h3 class=\"c-stats__numbers\">\n24<\/h3>\n<p class=\"c-stats__text\">Critical CVSS<\/p>\n<figure class=\"video-player\">\n<\/figure>\n<h3>Rough Around the Edges Webinar<\/h3>\n<p>In this joint webinar with Finite State, you\u2019ll better understand the scope of our report collaboration and the depth of vulnerabilities living within today\u2019s routers. Gain real-world strategies for securing your routers with help from a Software Bill of Materials. With a brighter spotlight on firmware, you\u2019ll know what you need to protect your organization from:<\/p>\n<ul class=\"c-list--primary c-list--triangle\" style=\"text-align: left\">\n<li>The risk of relying on outdated software components<\/li>\n<li>The dangers of not using binary hardening <\/li>\n<li>The confusion created by inconsistent custom patching<\/li>\n<li>The ease of exploiting multiple devices with a single vulnerability<\/li>\n<\/ul>\n<p><a href=\"\/webinars\/rough-around-the-edges-webinar\/\" title=\"Register for the Webinar\" class=\"c-btn c-btn--primary-dark c-btn--outline has-icon icon-camera icon-position-right has-icon-animation icon-animation-fade-in\">Register for the Webinar<\/a><\/p>\n<h3 style=\"text-align: center\">Component \u201cAge\u201d per Firmware<\/h3>\n<h2 class=\"c-title \">\n<h3>Average Firmware Age by Vendor<\/h3>\n<\/h2>\n<p>See a snapshot of the average and maximum \u2018age\u2019 of components for each firmware in months. Age refers to the time elapsed between the release date of a component and the start date of the research. <\/p>\n<p>Read the full report to see all of the different levels of risk, including the <strong>number of historical vulns<\/strong>, number of CVEs by CVSS score <strong>by vendor<\/strong>, and all the details on <strong>which n-day vulns currently have exploits by vendor<\/strong>.<\/p>\n<p><a href=\"\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/\" title=\"Read Blog\" class=\"c-btn c-btn--primary-dark c-btn--outline has-icon icon-arrow-right icon-position-right has-icon-animation icon-animation-fade-in\">Read Blog<\/a><\/p>\n<h2 class=\"c-title\">Too Many Outdated Software Components<\/h2>\n<p style=\"text-align: left\">We identified between 500 and 900 components in each firmware, and between 1,200 and 2,500 \u2018findings\u2019. Findings include known vulns, weak security posture, such as default credentials or hardcoded cryptographic material \u2014and new vulns found via binary static analysis.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/07\/Summary-of-components-and-findings-from-the-Finite-State-platform.jpg\" class=\"element-visibility has-element-animation element-animation-fade-in\" loading=\"lazy\"><\/p>\n<p><a href=\"#register\" title=\"Get Report\" class=\"c-btn c-btn--primary-dark c-btn--outline has-icon icon-arrow-down icon-position-right has-icon-animation icon-animation-fade-in\">Get Report<\/a><\/p>\n<h2 class=\"c-title\">How We Conducted This Joint Research <\/h2>\n<p style=\"text-align: left\">You can\u2019t protect what you can\u2019t see or don\u2019t have information on \u2013 especially in the murky waters of firmware. With Finite State\u2019s expertise in SBOM, we were able to look closely under the hood of router firmware componentry to find known and new vulnerabilities. Forescout Research \u2013 Vedere Labs monitors and collects threat intelligence data across 19 million devices in our data lake.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/Rough-Around-the-Edges-Charts-Figure.png\" class=\"element-visibility has-element-animation element-animation-fade-in\" loading=\"lazy\"><\/p>\n<p><a href=\"\/webinars\/rough-around-the-edges-webinar\/\" title=\"Watch Webinar\" class=\"c-btn c-btn--secondary c-btn--outline has-icon icon-camera icon-position-right has-icon-animation icon-animation-fade-in\">Watch Webinar<\/a><\/p>\n<p><a href=\"#register\" class=\"u-display-inline-block u-line-height-0\"><img decoding=\"async\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/rough-around-the-edges-thm.png\" class=\"u-size-full\" loading=\"lazy\"><\/a><\/p>\n<h2 class=\"c-title \">Dive Into the Research <\/h2>\n<p>Discover practical strategies for securing OT and IoT routers, including patch management, leveraging Software Bill of Materials (SBoM) solutions, and enhancing authentication practices.<\/p>\n<p>Explore the vulnerabilities identified in OT\/IoT routers, such as the risks posed by outdated software components, lack of binary hardening and custom patching.<\/p>\n<p>Gain invaluable software supply chain insights \u2013 and the real-world value of Software Bill of Materials from a proven technology leader in Finite State.<\/p>\n<p>Improve your security posture today.<\/p>\n<p><a href=\"#register\" title=\"Get Report\" class=\"c-btn c-btn--white c-btn--outline has-icon icon-duotone-triangles-down icon-position-right has-icon-animation icon-animation-fade-in\">Get Report<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rough Around the Edges The State of OT\/IoT Routers in the Software Supply Chain Under the surface of assets connecting the internet to remote, industrial operations are a world of vulnerabilities. Picture a rural electrical substation or an offshore oil rigging site out in the ocean. The problem? Understanding the risk scale means gathering the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":89342,"parent":70336,"menu_order":60,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"footnotes":"","_links_to":"","_links_to_target":""},"coauthors":[407],"class_list":["post-89127","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain - Forescout Research<\/title>\n<meta name=\"description\" content=\"Forescout\u2019s 2024 Riskiest Connected Devices research report audits cybersecurity risk of IT, OT, IoT, IoMT assets in 10 industry verticals.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain - Forescout Research\" \/>\n<meta property=\"og:description\" content=\"Forescout\u2019s 2024 Riskiest Connected Devices research report audits cybersecurity risk of IT, OT, IoT, IoMT assets in 10 industry verticals.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\" \/>\n<meta property=\"og:site_name\" content=\"Forescout\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForescoutTechnologies\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-16T20:41:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"419\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@Forescout\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\",\"url\":\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\",\"name\":\"Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain - Forescout Research\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg\",\"datePublished\":\"2024-07-30T20:49:26+00:00\",\"dateModified\":\"2024-08-16T20:41:48+00:00\",\"description\":\"Forescout\u2019s 2024 Riskiest Connected Devices research report audits cybersecurity risk of IT, OT, IoT, IoMT assets in 10 industry verticals.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#primaryimage\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg\",\"width\":800,\"height\":419},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.forescout.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vedere Labs\",\"item\":\"https:\/\/www.forescout.com\/research-labs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.forescout.com\/#website\",\"url\":\"https:\/\/www.forescout.com\/\",\"name\":\"Forescout\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.forescout.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.forescout.com\/#organization\",\"name\":\"Forescout Technologies, Inc.\",\"url\":\"https:\/\/www.forescout.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Forescout Technologies, Inc.\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ForescoutTechnologies\",\"https:\/\/x.com\/Forescout\",\"https:\/\/www.instagram.com\/forescouttechnologies\/\",\"https:\/\/www.linkedin.com\/company\/forescout-technologies\",\"https:\/\/www.youtube.com\/user\/forescout1\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain - Forescout Research","description":"Forescout\u2019s 2024 Riskiest Connected Devices research report audits cybersecurity risk of IT, OT, IoT, IoMT assets in 10 industry verticals.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/","og_locale":"en_US","og_type":"article","og_title":"Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain - Forescout Research","og_description":"Forescout\u2019s 2024 Riskiest Connected Devices research report audits cybersecurity risk of IT, OT, IoT, IoMT assets in 10 industry verticals.","og_url":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/","og_site_name":"Forescout","article_publisher":"https:\/\/www.facebook.com\/ForescoutTechnologies","article_modified_time":"2024-08-16T20:41:48+00:00","og_image":[{"width":800,"height":419,"url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@Forescout","twitter_misc":{"Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/","url":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/","name":"Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain - Forescout Research","isPartOf":{"@id":"https:\/\/www.forescout.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#primaryimage"},"image":{"@id":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg","datePublished":"2024-07-30T20:49:26+00:00","dateModified":"2024-08-16T20:41:48+00:00","description":"Forescout\u2019s 2024 Riskiest Connected Devices research report audits cybersecurity risk of IT, OT, IoT, IoMT assets in 10 industry verticals.","breadcrumb":{"@id":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#primaryimage","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg","width":800,"height":419},{"@type":"BreadcrumbList","@id":"https:\/\/www.forescout.com\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.forescout.com\/"},{"@type":"ListItem","position":2,"name":"Vedere Labs","item":"https:\/\/www.forescout.com\/research-labs\/"},{"@type":"ListItem","position":3,"name":"Rough Around the Edges: The State of OT\/IoT Routers in the Software Supply Chain"}]},{"@type":"WebSite","@id":"https:\/\/www.forescout.com\/#website","url":"https:\/\/www.forescout.com\/","name":"Forescout","description":"","publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.forescout.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.forescout.com\/#organization","name":"Forescout Technologies, Inc.","url":"https:\/\/www.forescout.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","width":1,"height":1,"caption":"Forescout Technologies, Inc."},"image":{"@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForescoutTechnologies","https:\/\/x.com\/Forescout","https:\/\/www.instagram.com\/forescouttechnologies\/","https:\/\/www.linkedin.com\/company\/forescout-technologies","https:\/\/www.youtube.com\/user\/forescout1"]}]}},"featured_media_url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-VL-Rough-Around-the-Edges-Feature_1200x628-v1.jpg","is_file":false,"excerpt_manually_set":false,"_links":{"self":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/pages\/89127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/comments?post=89127"}],"version-history":[{"count":0,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/pages\/89127\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/pages\/70336"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media\/89342"}],"wp:attachment":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media?parent=89127"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/coauthors?post=89127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}