Thousands of North American SAP Systems are open to Cyberattacks, warns SAP Cybersecurity Threat Report.
It noted that 36000 SAP systems worldwide are available via the Internet. Most of them, or about 69 percent, should not be available directly via the Internet.
The USA has the highest number, 3660, of unnecessarily exposed SAP services. India and China take second and third places with 1900, and 1127, respectively.
The enterprise IT vendor said those services have vulnerabilities or misconfigurations or simply should not be configured for remote access.
Notably, the list of vulnerable platforms has extended and now it includes modern cloud and mobile technologies such as HANA.
Because of cloud and mobile technologies, new SAP Systems became more exposed to the Internet and thus every vulnerability identified in these services can affect thousands of multinationals, SAP warns.
It further noted that the most vulnerable products are CRM, Portal, and SRM.
Analysis of industry-specific vulnerabilities showed that the number has grown significantly. More than 160 security issues have been detected in industry-specific solutions.
The most vulnerable types are SAP for Banking, Retail, Advertising Management, Automotive, and Utilities.
SAP further warns Critical Infrastructures and IoT devices are at risk.
However, SAP says it can act as a mediator between IT and OT systems. Thus, insecure SAP configurations can be used to exploit critical infrastructure.
