ICS CVE Report First Half of 2023

ICS CVE Research: First Half of 2023

SynSaber collaborated with the ICS Advisory Project to provide a joint research report focused on ICS CVEs reported via CISA ICS Advisories during the first half of 2023. The report covers:

•  Insights from ICS CVE Severity ranking & CVSS criteria
•  Percentage of CVEs that require local/physical access to exploit
•  Increase in CVE reporting from OEMs, Security vendors, & Academic researchers
•  Percentage of CVEs that currently have no patch or remediation available

🤜🤛 SynSaber + ICS Advisory Project: Teaming Up To Provide CVE Insights

SynSaber is excited to partner with the ICS Advisory Project in our continued analysis of CVEs reported via CISA ICS Advisories. We sought to find and evaluate notable trends in CVEs from the first half of 2023 to help OT and ICS asset owners prioritize and remediate any vulnerabilities that may impact their environment. We hope that the analysis contained within our first joint research report can be used by industrial security teams to better understand and remediate future vulnerabilities.


🔽 Reported CVEs Have Decreased, But “Forever-Days” Have Gone Up

While the total numbers of CVEs and ICS Advisories have decreased compared to the first half of 2022, the percentage of “Forever-Days,” or CVEs with no patch or remediation currently available from the vendor, has more than doubled from the first half of last year.

Here’s a sneak peek of some CVE stats you’ll find in the ICS CVE joint research report:

► The total number of CISA ICS Advisories has decreased almost 10% as compared to the first half of 2022

► The total number of reported CVEs has also gone down (slight decrease of 1.6% as compared to the first half of 2022)

► 34% of the CVEs reported in the first half of 2023 currently have no patch or remediation available from the vendor (up from 13% in the first half of 2022)

► Manufacturing (37.3%) and Energy (24.3%) were the two critical infrastructure sectors most likely to be impacted by reported CVEs