ICS/OT Cybersecurity Firm Finds 13 Percent of CVEs in First 6 Mos Unpatchable
Chandler, AZ (PRNewswire) – SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring company, announced today the release of the company’s inaugural Industrial Control Systems (ICS) Vulnerability Report H1 2022, which analyzes the CVEs released by CISA in the first half of 2022 to determine vulnerability severity, impact on organizations, and who is reporting these vulnerabilities to the market and CISA.
“The industry is being flooded by vulnerability disclosures creating panic within the security community to patch and remediate each point of exposure, which is an impossible feat,” said Ron Fabela, CTO of SynSaber. “This report aims to provide a real view to the ICS industry on which CVEs teams should be paying attention to and which can be taken on as an acceptable amount of risk for the organization.”
The volume of CVEs reported via CISA ICS Advisories and other entities is not likely to decrease. It’s important for asset owners and those defending critical infrastructure to understand when remediations are available, and how those remediations should be implemented and prioritized.
Here are a few of the key findings from the research report:
- For the CVEs reported in 2022, 13% have no patch or remediation currently available from the vendor (and 34% require a firmware update)
- While 56% of the CVEs have been reported by the Original Equipment Manufacturer (OEM), 42% have been submitted by security vendors and independent researchers (remaining 2% were reported directly by an asset owner and a government CERT)
- 23% of the CVEs require local or physical access to the system in order to exploit
- Of the CVEs reported thus far in 2022, 41% can and should be prioritized and addressed first (with organization and vendor planning)
For more information on the report, please visit: https://synsaber.com/resources/ics-vulnerabilities-h1-2022/
SynSaber founders will also be attending the upcoming Black Hat USA 2022 conference in Las Vegas, and can discuss the research report or other topics related to OT cybersecurity. Reach out to [email protected] to secure a meeting.
SynSaber is the simple, flexible, and scalable industrial asset and network monitoring solution that provides continuous insight into the status, vulnerabilities, and threats across every point in the industrial ecosystem, empowering operators to observe, detect and defend OT/IT systems and protect critical infrastructure. SynSaber is privately held with funding from SYN Ventures, Rally Ventures, and Cyber Mentor Fund. Learn more at SynSaber.com.