Home News 70% of ICS Flaws Unveiled in First Half of 2020 Can be...

70% of ICS Flaws Unveiled in First Half of 2020 Can be Exploited Remotely

CISA vulnerabilities, Microsoft Vulnerabilities, HP Device Manager Susceptible to Dictionary Attacks

A research from industrial cybersecurity firm Claroty revealed that around 70% of the industrial control system (ICS) vulnerabilities discovered in the first half of 2020 can be exploited remotely. In its report titled “Biannual ICS Risk & Vulnerability Report,” Claroty evaluated over 365 ICS flaws that were added to the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

The number of flaws added to the NVD in the first half of 2020 is 10.3% higher compared to the vulnerabilities revealed in the same period in 2019, while ICS-CERT advisories increased by 32.4%. Around 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System (CVSS) scores.

Nearly 50% of the detected security flaws can be used for remote code execution and 39% of them can be exploited for DoS attacks. While 41% of the flaws allowed a remote hacker to read application data, 37% of them allowed bypassing security procedures. The top three sectors affected by these vulnerabilities are energy (with 236 vulnerabilities), critical manufacturing (with 197 vulnerabilities), and water (with 171 vulnerabilities).

Amir Preminger, VP of Research at Claroty, said, “There is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible. We recognized the critical need to understand, evaluate, and report on the comprehensive ICS risk and vulnerability landscape to benefit the entire OT security community. Our findings show how important it is for organizations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam, and ransomware, in order to minimize and mitigate the potential impacts of these threats.”