Third parties shining light on ICS vulnerabilities


By Dylan Bushell-Embling
Monday, 08 February, 2021

The number of vulnerabilities in industrial control systems (ICS) disclosed during the second half of 2020 grew 25% year on year as security gaps in remote work environments expanded attack surfaces for industrial networks, according to Claroty.

Research from the industrial cybersecurity company found that 449 vulnerabilities affecting ICS products from 59 vendors were disclosed during 2H20.

Of the disclosed vulnerabilities, 70% were classed as high or critical on the Common Vulnerability Scoring System (CVSS) and 76% did not require authentication for exploitation.

The research also found that 71% of ICS vulnerabilities disclosed during the six-month period were remotely exploitable through network attack vectors.

Reported vulnerabilities increased across the critical manufacturing, energy, and water and wastewater sectors, which were by far the sectors most impacted by the vulnerabilities disclosed during the period.

“The accelerated convergence of IT and OT networks due to digital transformation enhances the efficiency of ICS processes, but also increases the attack surface available to adversaries,” Claroty VP of Research Amir Preminger commented.

“Nation-state actors are clearly looking at many aspects of the network perimeter to exploit, and cybercriminals are also focusing specifically on ICS processes, which emphasises the need for security technologies such as network-based detection and secure remote access in industrial environments.”

Third-party researchers, many of which were cybersecurity companies, were responsible for 61% of discoveries during 2H20. Among these third parties, 22 reported their first disclosures.

“It is heartening to see a growing interest in ICS within the security research community, as we must shine a brighter light on these vulnerabilities in order to keep threats at arm’s length,” Preminger said.
