As the leader in unified asset visibility and security, Armis is dedicated to protecting organizations at their core and uncovering potentially crippling vulnerabilities before they can wreak havoc. Over the past 5 years, Armis researchers have uncovered 40+ vulnerabilities ranging from critical zero-days in low-level software libraries to chip-level and Ethernet cable vulnerabilities.
Every environment contains a myriad of assets, and while some of these assets are visible to IT and security teams, many are not. These unseen assets powering business operations, critical infrastructure, or even delivering patient care represent an expanded attack surface that can potentially be exploited. Through ongoing first-hand research, Armis is continuously searching for and uncovering vulnerabilities in these unseen assets so that our customers and the broader industry can protect their businesses.
The vulnerabilities discovered by the Armis research team serve as a cornerstone for further research and security disclosures beyond the Armis ecosystem as well. In early March 2022, Armis uncovered three critical vulnerabilities in its TLStorm research, which was the catalyst for a CISA advisory on cyberattacks targeting Internet-connected UPS devices. Another security vendor recently published a piece of research on infusion pump security in which they highlighted 10 specific vulnerabilities. Two of the most prominent vulnerabilities called out were discovered by the Armis research team and published in Armis’ URGENT/11 research.
As the expert source of vulnerability research on connected assets, Armis is committed to exposing significant vulnerabilities and providing 100% complete visibility of IT, cloud, IoT, OT, IoMT, 5G, and edge assets.
The dedication and commitment of Armis’ research team are exemplified by its nine significant vulnerability disclosures in the past 5 years, including:
- TLStorm, 2022 – Discovery of three critical vulnerabilities in APC Smart-UPS devices that can allow attackers to gain remote access
- PwnedPiper, 2021 – Discovery of nine vulnerabilities in the Translogic PTS system by Swisslog Healthcare
- ModiPwn, 2021 – Discovery of an authentication bypass vulnerability in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE)
- NAT Slipstreaming v2.0, 2021 – Discovery of a new variant to the NAT Slipstreaming attack that can allow attackers to bypass NATs & Firewalls
- EtherOops, 2020 – Discovery of a new attack method that helps an attacker infiltrate targeted networks via faulty Ethernet (networking) cables
- CDPwn, 2020 – Discovery of five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over Cisco devices
- URGENT/11, 2019 – Discovery of eleven zero-day vulnerabilities impacting billions of mission-critical devices utilizing VxWorks® and other real-time operating systems
- BLEEDINGBIT, 2018 – Discovery of two chip-level vulnerabilities impacting access points and potentially other unmanaged devices BlueBorne, 2017 – Discovery of new vulnerabilities that impact Amazon Echo and Google Home
See, Control, Protect, and Secure your Assets
Register today for a quick Security Risk Assessment, learn which assets are most vulnerable to attack. Use these insights to prioritize your risk mitigation strategy and ensure full compliance with regulatory frameworks that require you to identify and prioritize all vulnerabilities.
The Armis Security Risk Assessment enables you to:
- See all devices hardware (OT, IT, IoT, IoMT), virtual, cloud, software, managed and unmanaged
- Identify risks associated with these devices
- Develop a plan to mitigate risk and exposure
Assess your risk in as little as 30 minutes.
Share this Article
Get Updates
Sign up to receive the latest from Armis.