ICS/OT cybersecurity firm finds 35% of CVEs in second half of 2022 unpatchable.

January 19, 2023

2 Min Read

PRESS RELEASE

CHANDLER, Ariz., Jan. 19, 2023 /PRNewswire/ -- SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring company, announced today the release of the company's second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. The report analyzes the 920+ CVEs released by CISA in the second half of 2022 to determine the following:

  • Who is reporting the vulnerabilities?

  • What remediations (if any) are available?

  • What are the severity levels and potential impacts?

  • How does the data compare to the CVEs reported in the first half of the year?

"Year after year, there is a deluge of vulnerability disclosures in industrial control systems, often creating anxiety as the security community attempts to patch or remediate each point of exposure — an impossible feat," said Ron Fabela, CTO of SynSaber. "Our goal with this report is to analyze the 920+ CVEs, and gather insights for the ICS industry regarding which CVEs should be taken most seriously and which can be accepted as a part of the organization's risk management strategy."

Key Findings:

  • For the CVEs reported in the second half of 2022, 35% have no patch or remediation currently available from the vendor (up from 13% in the first half of the year)

  • While 56% of the CVEs have been reported by the Original Equipment Manufacturer (OEM), 43% have been submitted by security vendors and independent researchers (these figures were consistent with the first half of 2022)

  • 28% of the CVEs require local or physical access to the system in order to exploit (up from 23% during the first half of 2022)

  • Of the CVEs reported in the second half of 2022, 22% can and should be prioritized and addressed first (with organization and vendor planning)

The volume of CVEs reported via CISA ICS Advisories and other entities is not likely to decrease. It's important for asset owners and those defending critical infrastructure to understand when remediations are available, and how those remediations should be implemented and prioritized.

For more information on the report, please visit: https://synsaber.com/resources/ics-vulnerabilities-and-cves-second-half-2022/

About SynSaber: 

SynSaber is the simple, flexible, and scalable industrial asset and network monitoring solution that provides continuous insight into the status, vulnerabilities, and threats across every point in the industrial ecosystem, empowering operators to observe, detect and defend OT/IT systems and protect critical infrastructure. SynSaber is privately held with funding from SYN Ventures, Rally Ventures, and Cyber Mentor Fund. Learn more at SynSaber.com.

SOURCE SynSaber

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Mitre company logo
Cyberattacks & Data Breaches
Top MITRE ATT&CK Techniques and How to Defend Against ThemTop MITRE ATT&CK Techniques and How to Defend Against Them
byNate Nelson, Contributing Writer
Apr 10, 2024
4 Min Read
A medical professional wearing scrub attire clicking on a screen in front of her
Cyberattacks & Data Breaches
Round 2: Change Healthcare Targeted in Second Ransomware AttackRound 2: Change Healthcare Targeted in Second Ransomware Attack
byDark Reading Staff
Apr 8, 2024
2 Min Read
A magnifying glass being held up in front of the apple logo
Vulnerabilities & Threats
Apple Warns Users in 150 Countries of Mercenary Spyware AttacksApple Warns Users Targeted by Mercenary Spyware
byDark Reading Staff
Apr 11, 2024
1 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events