Most disclosed ICS vulnerabilities are low complexity

Disclosures of Industrial Control System (ICS) vulnerabilities have increased and most reported vulnerabilities are low complexity, according to new research from security firm Claroty.

The fourth Semi-Annual ICS Risk and Vulnerability Report of Claroty’s Team82 found that the volume of disclosures increased by 110% over the past four years. In the second half of 2021, 797 vulnerabilities were published, a 25% increase from the 637 reported in the first six months of 2021.

The researchers noted, “87% of vulnerabilities are low complexity, meaning they don’t require special conditions and an attacker can expect repeatable success every time.”

ICS vulnerabilities are not limited to operational technology (OT), as just over a third (34%) of disclosures were related to IoT, IoMT and IT assets.

“As more and more cyber-physical systems are connected, accessibility to these networks from the Internet and the cloud requires that defenders have timely and useful vulnerability information to inform risk decisions,” said Amir Preminger, vice president of research at Claroty.

“Rising digital transformation, combined with a converged ICS and computing infrastructure, allows researchers to extend their work beyond OT to XIoT.”

Nearly two-thirds (64%) of vulnerabilities require no user interaction, and 70% require no special privileges to be exploited successfully.

Half of the vulnerabilities were disclosed by third-party companies, and most of them were discovered by researchers from cybersecurity companies. In the second half of 2021, 55 new researchers reported vulnerabilities.

The researchers attributed the 76% increase in vulnerabilities uncovered by internal vendor research to “a maturing industry and discipline around vulnerability research” and said it showed that vendors were allocating more resources to securing their products.

Just under two-thirds of disclosed vulnerabilities (63%) can be exploited remotely via a network attack vector.

The researchers found that the main potential impact of vulnerabilities is remote code execution (present in 53% of vulnerabilities), followed by denial of service conditions (42%), circumvention of protection mechanisms (37%) and the possibility for the adversary to read application data (33%).

Preminger said: “High-profile cyber incidents in 2H 2021 such as the Tardigrade malware, the Log4j vulnerability and the NEW Cooperative ransomware attack show the fragility of these networks, highlighting the need for collaboration from the security research community to discover and disclose new vulnerabilities.”

Sharon D. Cole