According to the company, 97% of industrial devices affected by the Urgent/11 vulnerabilities have not been patched. As for the CDPwn bugs, 80% of impacted devices are still vulnerable to attacks.
Armis told SecurityWeek that this is based on data from the company’s Device Knowledgebase, a crowd-sourced, cloud-based device behavior knowledgebase that tracks 280 million devices.
“To determine the vulnerable devices, we used Armis’ Device Knowledgebase to track the firmware versions installed on a subset of impacted vendors and models,” explained Ben Seri, VP of research at Armis.