Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Over 600 ICS Vulnerabilities Disclosed in First Half of 2021: Report

More than 600 vulnerabilities affecting industrial control system (ICS) products were disclosed in the first half of 2021, according to industrial cybersecurity firm Claroty.

More than 600 vulnerabilities affecting industrial control system (ICS) products were disclosed in the first half of 2021, according to industrial cybersecurity firm Claroty.

The existence of 637 ICS flaws affecting the products of 76 vendors was brought to light in the first six months of 2021, and more than 70% of them have been assigned critical or high severity ratings. In comparison, only 449 vulnerabilities were disclosed in the second half of 2020.

An analysis conducted by Claroty showed that a vast majority of the security holes disclosed in H1 2021 do not require special conditions for exploitation, three-quarters do not require any privileges, and two-thirds can be exploited without user interaction.

The company said 61% of the flaws can be exploited remotely and 65% of them can be leveraged for denial-of-service (DoS) attacks, which can have a more significant impact in the case of ICS compared to IT systems.

More than 80% of the vulnerabilities were reported to vendors by external researchers. Of the researchers who reported flaws disclosed in the first half of 2021, 42 were new researchers.

ICS vulnerability disclosure sources

The top affected vendors are Siemens (146 vulnerabilities), Schneider Electric (65), Rockwell Automation (35), WAGO (23) and Advantech (22). It’s worth noting that the list of impacted vendors also includes 20 companies whose products were not affected by any of the flaws disclosed last year.

A majority of the security holes impact products on the operations management level (historians, OPC servers), followed by the basic control (PLC, RTU), and supervisory control (HMI, SCADA) levels.

“As more enterprises are modernizing their industrial processes by connecting them to the cloud, they are also giving threat actors more ways to compromise industrial operations through ransomware and extortion attacks,” said Amir Preminger, vice president of research at Claroty.

Advertisement. Scroll to continue reading.

“The recent cyber attacks on Colonial Pipeline, JBS Foods, and the Oldmsar, Florida water treatment facility have not only shown the fragility of critical infrastructure and manufacturing environments that are exposed to the internet, but have also inspired more security researchers to focus their efforts on ICS specifically,” Preminger added.

More details, as well as information on mitigations and remediations, are available in Claroty’s ICS Risk & Vulnerability Report for H1 2021. In its ICS Risk & Vulnerability Report for 2020, the company revealed that 893 vulnerabilities were disclosed in 2020, which represented a significant increase compared to the previous year. Considering that over 600 vulnerabilities have already been disclosed in 2021, the number could exceed 1,000 by the end of the year.

Related: Analysis of ICS Exploits Can Help Defenders Prioritize Vulnerability Remediation

Related: Many ICS Vulnerability Advisories Contain Errors

Related: Industrial Firms Warned of Risk Posed by Cloud-Based ICS Management Systems

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.