Over a third of ICS vulnerabilities have no patch available


New research from SynSaber, along with the ICS Advisory Project, into vulnerabilities in industrial control and operational technology systems finds that 34 percent of the CVEs reported in the first half of 2023 currently have no patch or remediation available from the vendor.
This compares to the 35 percent that had no fixes in the second half of 2022 but is a significant increase from the 13 percent in the first half of last year.

Vulnerabilities in industrial control systems are on the increase


The number of CVEs reported via ICS advisories has increased each year, with 2020-2021 seeing a 67.3 percent increase in CISA ICS CVEs, while 2021-2022 saw a two percent increase, according to a new report from SynSaber.
The growing volume of vulnerabilities highlights continued efforts to secure the ICS systems critical to a nation's energy, manufacturing, water, and transportation infrastructure. There's also a growing focus on regulation, which means operators in critical infrastructure are under more pressure to analyze, mitigate, and report on new and existing vulnerabilities.

Get 'Industrial Cybersecurity -- Second Edition' ($51.99 value) FREE for a limited time


With Industrial Control Systems (ICS) expanding into traditional IT space and even into the cloud, the attack surface of ICS environments has increased significantly, making it crucial to recognize your ICS vulnerabilities and implement advanced techniques for monitoring and defending against rapidly evolving cyber threats to critical infrastructure.
Industrial Cybersecurity -- Second Edition covers the updated Industrial Demilitarized Zone (IDMZ) architecture and shows you how to implement, verify, and monitor a holistic security program for your ICS environment.