Full Report
Forescout has released its fifth annual Riskiest Connected Devices of 2025 report, highlighting a growing trend of vulnerabilities... The post Forescout’s 2025 report reveals surge in device vulnerabilities across IT, IoT, OT, and IoMT appeared first on Industrial Cyber.
Analysis Summary
The provided text is a summary of a *report* ('Forescout Riskiest Connected Devices of 2025') covering high-risk device categories and associated trends. It is not a vulnerability advisory detailing a single CVE, patch, or technical exploit for one product version.
The summary below therefore reflects the *types of risks and devices highlighted by the report*, following the requested format as closely as possible. It focuses on the identified threat vectors rather than on specific CVE data, which is absent from the source text.
# Vulnerability: Report Summary: High-Risk Connected Device Categories and Trends (2025)
## CVE Details
- CVE ID: Not specified (Report highlights general risk landscape, not specific CVEs)
- CVSS Score: Not applicable (Report summarizes risk trends across device types)
- CWE: Not applicable (Focus is on device categories; specific weaknesses are implied, e.g., insecure-by-design)
## Affected Systems
- Products: Routers, IoMT Devices, Universal Gateways, Historians, Building Management Systems (BMS), Physical Access Control Systems (PACS), Uninterruptible Power Supply (UPS) devices, PLCs, DCSs.
- Versions: Not specified (Risk is associated with device categories/deployment)
- Configurations: Devices that bridge IT/OT networks (e.g., Historians at Purdue Level 3, Universal Gateways at Levels 1/2).
## Vulnerability Description
The report highlights a significant and growing risk associated with interconnected devices across IT, IoT, OT, and IoMT domains. Key vectors include:
1. **Routers:** Account for over 50% of the most vulnerable devices, driving the majority of critical vulnerabilities identified.
2. **IoMT Devices:** Showing a concerning trend of increasing vulnerability severity, posing a major threat to healthcare networks.
3. **OT/ICS Components:** Devices like BMS, PACS, UPS, Universal Gateways, and Historians are targeted due to their "insecure-by-design" nature combined with internet connectivity.
   * **UPS:** Targeted via default credentials to disrupt power or tamper with settings.
   * **Universal Gateways:** Used for lateral movement between Ethernet and serially connected OT environments.
   * **Historians:** Sit at the IT/OT boundary (Purdue Level 3), providing a path for enterprise-level threats into operational systems.
## Exploitation
- Status: Implied active targeting across device categories (e.g., UPS targeting, smart building exploitation). The report references prior demonstrated multi-domain attacks (e.g., R4IoT: IoT → IT → OT).
- Complexity: Varies, but complexity is often lowered by easily exploitable conditions like default credentials (e.g., UPS).
- Attack Vector: Network access is primary for most identified risks, facilitated by internet connectivity of IoT/OT devices.
## Impact
- Confidentiality: Potential exposure through breached IT/OT data exchange (Historians).
- Integrity: High risk of functional compromise (BMS, PACS, PLCs/DCSs).
- Availability: High risk of service disruption (UPS shutdown, industrial control failure).
## Remediation
### Patches
- Specific product patches are not detailed as this is a high-level risk report. Remediation requires tracking vendor updates for vulnerable device categories (e.g., Routers, BMS firmware).
### Workarounds
- Organizations must adopt comprehensive, cross-domain risk management strategies instead of siloed solutions.
- Implement automated controls that cover all assets (IT, IoT, OT, IoMT).
- Avoid relying solely on security agents for mitigation, as many of these specialized devices cannot support them.
## Detection
- **Indicators of Compromise (IoCs):** Not specified, but likely involve unauthorized access or configuration changes on specialized infrastructure like UPS, BMS, or Historian servers.
- **Detection Methods and Tools:** Detection requires solutions that provide comprehensive visibility across *all* device categories simultaneously, such as the newly introduced **Forescout eyeScope** solution for full asset landscape monitoring.
## References
- Vendor Advisory (Forescout Research Labs Reports):
  - The Riskiest Devices of 2025 Report
  - Forescout identifies PLCs, DCSs, Industrial Robots as top vulnerabilities in 2024 Risk Report
- Forescout Press Release: Forescout Announces Riskiest Connected Devices of 2025: IoMT Devices Increasingly Vulnerable
- Forescout Product Launch: Forescout launches eyeScope, a cloud-based solution for enhanced asset visibility, cybersecurity monitoring