Two families of critical vulnerabilities that impact operational technology (OT), embedded devices, and network hardware continue to undermine the security of the vast majority of originally affected devices because patching the issues has been glacially slow, according to a new research report by device-security firm Armis.
Using random sampling, the company checked the patch status of devices vulnerable to flaws affecting the VxWorks embedded operating system disclosed in July 2019, finding that 97% of devices have not been updated to a patched version of the software. The company also scanned a subset of Cisco network, IP phone, and camera devices for a set of five vulnerabilities disclosed in February 2020, finding 80% of those devices remained vulnerable.
The fact that vulnerable software continues to affect the devices months…