Security News > 2023 > August > Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

About 34% of security vulnerabilities impacting industrial control systems that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year.

According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency in the first half of 2023, down from 681 reported during the first half of 2022.

Of the 670 CVEs, 88 are rated Critical, 349 are rated High, 215 are rated Medium, and 18 are rated Low in Severity.

What's more, a majority of CVE reports originated from original equipment manufacturers and security vendors in the United States, followed by China, Israel, and Japan.

"Forever-Day vulnerabilities remain an issue - six CISA Advisories identified for ICS vendor products that reached end of life with 'Critical' severity vulnerabilities have no update, patch, hardware/ software/ firmware updates, or known workarounds," the company pointed out.

The findings come as Nozomi Networks revealed a "High volume of network scanning indications in water treatment facilities, cleartext password alerts across the building materials industry, program transfer activity in industrial machinery, [and] OT protocol packet injection attempts in oil and gas networks."

News URL

https://thehackernews.com/2023/08/industrial-control-systems.html