ICS/OT Cybersecurity Firm Finds 35 Percent of CVEs in Second Half of 2022 Unpatchable
SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring company, announced today the release of the company’s second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. The report analyzes the 920+ CVEs released by CISA in the second half of 2022 to determine the following:
- Who is reporting the vulnerabilities?
- What remediations (if any) are available?
- What are the severity levels and potential impacts?
- How does the data compare to the CVEs reported in the first half of the year?
“Year after year, there is a deluge of vulnerability disclosures in industrial control systems, often creating anxiety as the security community attempts to patch or remediate each point of exposure — an impossible feat,” said Ron Fabela, CTO of SynSaber. “Our goal with this report is to analyze the 920+ CVEs, and gather insights for the ICS industry regarding which CVEs should be taken most seriously and which can be accepted as a part of the organization’s risk management strategy.”
Key Findings:
- For the CVEs reported in the second half of 2022, 35% have no patch or remediation currently available from the vendor (up from 13% in the first half of the year)
- While 56% of the CVEs have been reported by the Original Equipment Manufacturer (OEM), 43% have been submitted by security vendors and independent researchers (these figures were consistent with the first half of 2022)
- 28% of the CVEs require local or physical access to the system in order to exploit (up from 23% during the first half of 2022)
- Of the CVEs reported in the second half of 2022, 22% can and should be prioritized and addressed first (with organization and vendor planning)
The volume of CVEs reported via CISA ICS Advisories and other entities is not likely to decrease. It’s important for asset owners and those defending critical infrastructure to understand when remediations are available, and how those remediations should be implemented and prioritized.
For more information on the report, please visit: https://synsaber.com/resources/ics-vulnerabilities-and-cves-second-half-2022/
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!