ICS/OT Cybersecurity Firm Finds 35% of CVEs in 2nd Half 2022 Unpatchable
Chandler, AZ (PRNewswire) – SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring company, announced today the release of the company’s second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report.
The report analyzes the 920+ CVEs released by CISA in the second half of 2022 to determine the following:
- Who is reporting the vulnerabilities?
- What remediations (if any) are available?
- What are the severity levels and potential impacts?
- How does the data compare to the CVEs reported in the first half of the year?
“Year after year, there is a deluge of vulnerability disclosures in industrial control systems, often creating anxiety as the security community attempts to patch or remediate each point of exposure — an impossible feat,” said Ron Fabela, SynSaber Co-founder.
“Our goal with this report is to analyze the 920+ CVEs, and gather insights for the ICS industry regarding which CVEs should be taken most seriously and which can be accepted as a part of the organization’s risk management strategy.”
Key findings from the report:
- For the CVEs reported in the second half of 2022, 35% have no patch or remediation currently available from the vendor (up from 13% in the first half of the year)
- While 56% of the CVEs have been reported by the Original Equipment Manufacturer (OEM), 43% have been submitted by security vendors and independent researchers (these figures were consistent with the first half of 2022)
- 28% of the CVEs require local or physical access to the system to be exploited (up from 23% during the first half of 2022)
- Of the CVEs reported in the second half of 2022, 22% can and should be prioritized and addressed first (with organization and vendor planning)
The volume of CVEs reported via CISA ICS Advisories and other entities is not likely to decrease. It’s important for asset owners and those defending critical infrastructure to understand when remediations are available, and how those remediations should be implemented and prioritized.
For more information on the report, please visit: https://synsaber.com/resources/ics-vulnerabilities-and-cves-second-half-2022/
SynSaber is the simple, flexible, and scalable industrial asset and network monitoring solution that provides continuous insight into the status, vulnerabilities, and threats across every point in the industrial ecosystem, empowering operators to observe, detect and defend OT/IT systems and protect critical infrastructure. SynSaber is privately held with funding from SYN Ventures, Rally Ventures, and Cyber Mentor Fund. Learn more at SynSaber.com.