The three companies identified are Sierra Wireless, InHand Networks and Teltonika Networks. Each has its own cloud offering for managing and monitoring its devices. These platforms are built to simplify management, configuration and inventory of fleets of routers and gateways. For an industrial organization, a single pane of glass to monitor and control OT devices is a real benefit, especially when there are multiple remote sites to cover and (as always seems to be the case) limited staff. Solutions of this kind, when properly built and secured, are a good thing.
However, it seems that these vendors built the platform for control but, in many cases, left out the security piece. Sierra Wireless, for example, has a flaw that lets an attacker find devices that are connected to the cloud but not yet registered to an account, use the publicly available warranty registration tool to look up their serial numbers, and then register those devices into an attacker-controlled environment, effectively taking ownership of them. The flaws found in InHand and Teltonika are just as bad: they can allow an attacker to gain remote code execution with root privileges on devices and to impersonate legitimate devices to the cloud. Given the market coverage of these vendors and the severity of the issues, exploitation of these flaws could have a major impact across the industrial space.
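The Sierra Wireless case boils down to a design weakness rather than a single bug: ownership of a device is granted to whoever claims its serial number first, and the serial number is something an attacker can enumerate. The following is an added example, written for this page and not taken from any vendor's platform, that models that weakness and a hardened alternative. The serial numbers, the `SerialOnlyRegistry` and `ClaimTokenRegistry` classes, and the per-device factory secret are all constructed for the illustration; the hardened version requires proof of possession (an HMAC over a server nonce with a secret that only the device and its legitimate owner hold) instead of trusting the serial alone.

```python
import hashlib
import hmac
import secrets

# Constructed serial numbers for the demo; not real device identifiers.
FLEET = ["RT-000101", "RT-000102", "RT-000103"]


class SerialOnlyRegistry:
    """Weak design: whoever registers a serial first owns the device."""

    def __init__(self, serials):
        self.unclaimed = set(serials)
        self.owner = {}

    def is_unclaimed(self, serial):
        # The kind of information a warranty/registration lookup leaks.
        return serial in self.unclaimed

    def register(self, serial, account):
        if serial not in self.unclaimed:
            return False
        self.unclaimed.discard(serial)
        self.owner[serial] = account
        return True


class ClaimTokenRegistry:
    """Hardened design: registration needs proof of possession of a
    per-device factory secret, bound to a fresh server nonce."""

    def __init__(self, serials):
        # Assumed: a random secret provisioned per device at manufacture,
        # available to the legitimate owner (e.g. on the device label).
        self.factory_secret = {s: secrets.token_bytes(32) for s in serials}
        self.owner = {}
        self._nonces = {}

    def challenge(self, serial):
        nonce = secrets.token_hex(16)
        self._nonces[serial] = nonce
        return nonce

    @staticmethod
    def prove(secret, serial, account, nonce):
        msg = f"{serial}|{account}|{nonce}".encode()
        return hmac.new(secret, msg, hashlib.sha256).hexdigest()

    def register(self, serial, account, proof):
        # Each nonce is single-use, so a captured proof cannot be replayed.
        nonce = self._nonces.pop(serial, None)
        if nonce is None or serial in self.owner:
            return False
        expected = self.prove(self.factory_secret[serial], serial, account, nonce)
        if not hmac.compare_digest(expected, proof):
            return False
        self.owner[serial] = account
        return True


def attacker_takeover(registry_cls):
    """Attacker has enumerated the serials but holds no factory secret.
    Returns the list of serials the attacker managed to claim."""
    reg = registry_cls(FLEET)
    hijacked = []
    for serial in FLEET:
        if registry_cls is SerialOnlyRegistry:
            ok = reg.register(serial, "attacker")
        else:
            nonce = reg.challenge(serial)
            guessed_secret = secrets.token_bytes(32)  # not the real one
            proof = reg.prove(guessed_secret, serial, "attacker", nonce)
            ok = reg.register(serial, "attacker", proof)
        if ok:
            hijacked.append(serial)
    return hijacked


def legitimate_claim():
    """Owner who holds the factory secret registers successfully, and a
    replay of the same proof is rejected."""
    reg = ClaimTokenRegistry(FLEET)
    serial = FLEET[0]
    nonce = reg.challenge(serial)
    proof = reg.prove(reg.factory_secret[serial], serial, "plant-ops", nonce)
    first = reg.register(serial, "plant-ops", proof)
    replay = reg.register(serial, "plant-ops", proof)
    return first and not replay and reg.owner[serial] == "plant-ops"


if __name__ == "__main__":
    print("serial-only registry hijacked:", attacker_takeover(SerialOnlyRegistry))
    print("claim-token registry hijacked:", attacker_takeover(ClaimTokenRegistry))
    print("legitimate owner claim works:", legitimate_claim())
```

The point of the model is that an identifier which can be looked up, enumerated or read off a shipping label must never be the only thing gating ownership of a device in the cloud; the registration step has to prove that the claimant actually possesses the device or a secret tied to it.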
This is the second large-scale disclosure of exposures in IIoT and OT devices in a short span: 38 vulnerabilities were disclosed about three months ago. It is a concerning development for any industrial organization, including operators of critical infrastructure. It is well within the capabilities of a threat group to leverage these vulnerabilities to hold an organization to ransom. An attacker who can get into the cloud management system and take ownership of the devices behind it can reach the OT network those devices serve, and that would be a rough day for any organization hit.
To add insult to injury, industrial environments are also among the slowest to remediate vulnerabilities like this, because the cost can be significant. Remediation times are lengthy simply because of how many devices need to be updated and how remote and inaccessible some of them are. The good news here, as reported, is that these flaws sit in the cloud management software rather than in the firmware of each and every device, so a fix can be rolled out centrally and should be relatively easy to deploy. The challenge is likely to be backwards compatibility: if the security changes make older devices unusable, the fixes may indeed be slow to reach the real world. In the meantime, operators can at least verify that every deployed device is already claimed into their own account, since the takeover described above depends on finding devices that are connected to the cloud but still unregistered.