Industrial control systems vulnerabilities rise as operational tech increasingly goes online
Claroty said 25% more vulnerabilities were reported in 2020 than in 2019, 70% of which had high or critical CVSS scores.
Industrial cybersecurity company Claroty has released its biannual industrial control systems risk and vulnerability report, which found that the number of reported vulnerabilities increased by 25% compared to 2019, with critical infrastructure areas like manufacturing, energy, water, and commercial facilities being most affected.
The flaws themselves aren't low risk, either: 75% of the vulnerabilities reported in the first half of 2020 had high or critical CVSS scores, and in the second half of 2020, 70% ranked the same.
Claroty only reported specific numbers for the second half of 2020, in which 449 vulnerabilities were reported in software from 59 different vendors. Far more of them affected the critical manufacturing and energy sectors than any other, with 194 and 186 vulnerabilities, respectively.
"Year-over-year, the chart below shows continuing growth in vulnerabilities disclosed in critical infrastructure sectors, almost uniformly across the board in all but a few sectors," Claroty said in its report.
One of the most important factors in the severity of vulnerabilities found in ICS is their simplicity: 90% of vulnerabilities discovered in the second half of 2020 require no special conditions to trigger.