The number of industrial control system vulnerabilities surged in 2020

by ·

According to Claroty’s latest report, industrial control system vulnerabilities disclosed in the second half of 2020 increased by 25% year-on-year and 33% more than the first half of 2020. 71% of the disclosed industrial control system (ICS) vulnerabilities can be exploited remotely through network attack vectors.

In the second half of 2020, a total of 449 ICS product vulnerabilities from 59 vendors were disclosed, 70% of which had a high CVSS score or critical, and 76% of vulnerabilities could be exploited without authentication.

Amir Preminger, vice president of research at Claroty, said: “The accelerated convergence of IT and OT networks due to digital transformation enhances the efficiency of ICS processes, but also increases the attack surface available to adversaries. Nation-state actors are clearly looking at many aspects of the network perimeter to exploit, and cybercriminals are also focusing specifically on ICS processes, which emphasizes the need for security technologies such as network-based detection and secure remote access in industrial environments. It is heartening to see a growing interest in ICS within the security research community, as we must shine a brighter light on these vulnerabilities in order to keep threats at arm’s length.

Report highlight

  • Critical manufacturing increased 15% from 2H 2019 and 66% from 2H 2018
  • Energy increased 8% from 2H 2019 and 74% from 2H 2018
  • Water and wastewater increased 54% from 2H 2019 and 63% from 2H 2018
  • Commercial facilities increased 14% from 2H 2019 and 140% from 2H 2018

The number of ICS vulnerabilities disclosed in 2020 has increased by more than 30% compared with 2018 and has increased by nearly 25% compared with 2019. In recent years, the number of ICS vulnerabilities has soared mainly due to two factors: the increased awareness of ICS vulnerabilities and the increased efforts of researchers and vendors to identify and repair security vulnerabilities. This growth also shows that safety research on CS products is gradually mature.