ICS vulnerability reports are increasing in number and severity, and exploit complexity is dropping
71% of vulnerabilities found in the first half of 2021 are classified as high or critical, and 90% are of low complexity, meaning an attacker can expect repeated success under a variety of conditions, says Claroty.
Industrial cybersecurity company Claroty has released a report on the state of vulnerabilities in industrial control systems (ICS) in the first half of 2021, and the data reveals several serious issues that should leave any business running an ICS on high alert.
The number of ICS vulnerabilities disclosed in the first half of 2021 accelerated significantly, Claroty said, rising 41% over the number disclosed in the first half of 2020.
2021 has been a huge year for ICS and OT security, said primary report author and Claroty security researcher Chen Fradkin.
Sixty percent of the vulnerabilities reported on the software side have been patched or remediated, but there's bad news for those worried about firmware vulnerabilities, for which Fradkin describes remediation as "scarce."
With remediation levels lower than may be comfortable on both the software and firmware sides, organizations with OT and ICS networks need to take proper steps to protect those systems from attackers, especially as existing OT and ICS hardware is connected to the internet, a scenario that wasn't considered when older hardware was developed.