U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The number of ICS flaws in 2020 was 24,72% higher compared to 2019

The number of vulnerabilities discovered in industrial control system (ICS) products surged in 2020, security firm Claroty reports. According to a report published by the industrial cybersecurity firm Claroty that focuses on the second half of 2020, the number of flaws discovered in industrial control system (ICS) products in 2020 (893 flaws) was 24,72% higher […]

The number of vulnerabilities discovered in industrial control system (ICS) products surged in 2020, security firm Claroty reports.

According to a report published by the industrial cybersecurity firm Claroty that focuses on the second half of 2020, the number of flaws discovered in industrial control system (ICS) products in 2020 (893 flaws) was 24,72% higher compared to 2019.

Experts reported that 449 vulnerabilities were disclosed affecting ICS products from 59 vendors during 2H 2020. More than 70% of the issues
were rated as high or critical Common Vulnerability Scoring System (CVSS) scores, down from more than 75% in 1H 2020.

“The number of ICS vulnerabilities disclosed in 2020 increased by 32.89% compared to 2018 and 24.72% compared to 2019. The primary factors for the increase are likely heightened awareness of the risks posed by ICS vulnerabilities and increased focus from researchers and vendors on identifying and remediating such vulnerabilities as effectively and efficiently as possible.” reads the report published by Claroty.

The data doesn’t surprise Claroty because researchers and vendors have spent a significant effort in searching for vulnerabilities in industrial products. Most of the vulnerabilities discovered in ICS systems (71.49%) are exploited through a network attack vector (i.e. remotely exploitable), and 89.98% of them don’t require special conditions to exploit.

60.8% of vulnerabilities were reported by third-party experts.

“Among all third-party companies, there were 22 that reported their first disclosures, further evidence of growth in the ICS vulnerability research market. continues the report.

The analysis of the impact of ICS flaw by infrastructure sector revealed that in the second half of 2020 critical manufacturing (194 vulnerabilities), energy (186), water and wastewater (111), and commercial facilities (108) were most impacted industries.

The majority of the products with disclosed and patched flaws in the 2H of 2020 belong to Schneider, Mitsubishi, and Siemens.

ICS flaws

“Compounding the risk is the fact that attacks against ICS devices and OT networks tend to be targeted. While ICS and SCADA vulnerability research is maturing, there are still many decades-old security issues yet uncovered.” concludes the report. “For the time being, attackers may have an edge in exploiting them, because defenders are often hamstrung by uptime requirements and an increasing need for detection capabilities against exploitable flaws that could lead to process interruption or manipulation.”

Let me suggest to read with attention the report because it provides a clear picture of the security of ICS systems.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ICS)

[adrotate banner=”5″]

[adrotate banner=”13″]