"Disclosed ICS Vulnerabilities Surged During Second Half of 2020"
Researchers at Claroty discovered that a substantial rise in industrial control system (ICS) vulnerabilities were disclosed in the second half of 2020. The research revealed a 33% increase in the number of disclosed ICS vulnerabilities than in the first half of 2020. Throughout the six-months, a total of 449 vulnerabilities affecting ICS products from 59 vendors were highlighted, 70% of which were assigned high or critical Common Vulnerability Scoring System (CVSS) scores. Many of the vulnerabilities do not require authentication for exploitation. More than two-thirds of disclosed vulnerabilities were remotely exploitable through network attack vectors. The sectors that experienced the most significant rises in ICS vulnerabilities compared to the second half of 2019 were critical manufacturing (15%), energy (8%), water and wastewater (54%), and commercial facilities (14%). An encouraging finding from the research was that third-party researchers were responsible for 61% of discoveries, which indicates a growing focus on including ICS alongside IT security research. This increased focus on identifying ICS vulnerabilities partly explains the surge in detections disclosed.
Infosecurity reports: "Disclosed ICS Vulnerabilities Surged During Second Half of 2020"