Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities. The bugs can allow attackers with an existing foothold in the network to break through network-segmentation efforts and remotely take over millions of devices. The news comes as attackers continue to exploit the bugs, according to researchers at Armis. The lack of patching lays open critical environments to takeover, which could allow attackers to manipulate data, disrupt physical world equipment and put people’s lives at risk.
Source: https://threatpost.com/unpatched-iot-ot-devices-threaten-critical-infrastructure/162275/