More than 70% of industrial control system (ICS) vulnerabilities disclosed in the first half (1H) of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections.
Compared to 1H 2019, ICS vulnerabilities published by the National Vulnerability Database (NVD) increased by 10.3% from 331, while Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advisories increased by 32.4% from 105. More than 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System (CVSS) scores.
According to Amir Preminger, vp of Research at Claroty, there is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible.
“We recognized the critical need to understand, evaluate, and report on the comprehensive ICS risk and vulnerability landscape to benefit the entire OT security community. It is important for organizations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam, and ransomware, to minimise and mitigate the potential impacts of these threats,” said Preminger.
The Claroty Research Team discovered 26 ICS vulnerabilities disclosed during 1H 2020, prioritizing critical or high-risk vulnerabilities that could affect the availability, reliability, and safety of industrial operations.
These 26 vulnerabilities could have serious impacts on affected OT networks, because more than 60% enable some form of remote code execution (RCE).
The Claroty report, Biannual ICS Risk & Vulnerability Report, revealed that more than 70% of the vulnerabilities published by the NVD can be exploited remotely, reinforcing the fact that fully air-gapped ICS networks that are isolated from cyber threats have become vastly uncommon.
Additionally, the most common potential impact was RCE, possible with 49% of vulnerabilities – reflecting its prominence as the leading area of focus within the OT security research community – followed by the ability to read application data (41%), cause denial of service (DoS) (39%), and bypass protection mechanisms (37%).
The energy, critical manufacturing, and water & wastewater infrastructure sectors were by far the most impacted by vulnerabilities published in ICS-CERT advisories during 1H 2020.
Of the 385 unique Common Vulnerabilities and Exposures (CVEs) included in the advisories, energy had 236, critical manufacturing had 197, and water & wastewater had 171. Compared to 1H 2019, water & wastewater experienced the largest increase of CVEs (122.1%), while critical manufacturing increased by 87.3% and energy by 58.9%.