- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- Change these 10 iOS settings right now to instantly get better iPhone battery life
- How to clear the cache on your Windows 11 PC (and why you shouldn't wait to do it)
- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
An In-Depth Look at ICS Vulnerabilities Part 3
The items on this chart are showing what percentages of ICS-affecting vulnerabilities identified by 2021 advisories are caused by what kind of weaknesses – “flaws, faults, bugs, or other errors” – in coding.
Nine percent was caused by CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, while CWE-787 Out-of-Bounds Write affected 8.3%.
Additionally, 6.7% was caused by CWE-20 Improper Input Validation and 4.8% was due to CWE-79 Improper Neutralization of Input During Web Page Generation.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor affected 4.7%. CWE-125 Out-of-Bounds Read also affected 4.7%, while other weaknesses amounted to 61.9%
These CWE statistics show that many ICS vulnerabilities are related to or result from insecure coding. This reflects that vendors or programmers are not comprehensively checking their code before its release, and this will represent a challenge going forward.
From the development side, the steadily climbing and sometimes rapidly increasing numbers of vulnerabilities and the pattern of weakness prevalence from year to year suggest to our researchers that trends in developer security have not changed much over time.
Our analysis of CVEs identified in ICS-CERT advisories as affecting ICS environments shows that larger and larger numbers of these vulnerabilities are discovered every year.
The fast-increasing number of vulnerabilities that can be used to attack work sites has created challenges for the current methods of tracking and addressing emergent vulnerabilities. This is further complicated by issues such as the unpredictable timeline for information availability – organizations cannot rely on vendors, researchers, or anyone organization to keep work environments safe from threats.
Cybercriminals can cause major damage and loss by compromising ICS operations. This can lead to shutdowns, equipment damage, and health and safety risks. ICS attacks can also result in loss of financial assets, reputation, intellectual property, and competitive advantage.
With Trend Micro, you have visibility into threats affecting ICS/OT through IT and CT, plus enhanced detection and response.
To learn more about our ICS cybersecurity solutions, click here.
