Most Disclosed ICS Vulnerabilities are Low Complexity
Industrial control system (ICS) vulnerability disclosures have surged, and most vulnerabilities reported are low complexity, according to new research by security company Claroty.
The fourth Biannual ICS Risk & Vulnerability Report from Claroty’s Team82 found that the volume of disclosures has increased by 110% over the last four years. In the second half of 2021, 797 vulnerabilities were published, representing a 25% increase from the 637 reported over the first six months of 2021.
Researchers noted: “87% of vulnerabilities are low complexity, meaning they don’t require special conditions and an attacker can expect repeatable success every time.”
ICS vulnerabilities are not limited to operational technology (OT), as just over a third (34%) of disclosures affected IoT, IoMT and IT assets.
“As more cyber-physical systems become connected, accessibility to these networks from the internet and the cloud requires defenders to have timely, useful vulnerability information to inform risk decisions,” said Amir Preminger, vice president of research at Claroty.
“The increase in digital transformation, combined with converged ICS and IT infrastructure, enables researchers to expand their work beyond OT to the XIoT.
Nearly two-thirds (64%) of vulnerabilities require no user interaction, and 70% don’t require special privileges before successfully exploiting a vulnerability.
Half of the vulnerabilities were disclosed by third-party companies, and most of these were discovered by researchers at cybersecurity companies. In the second half of 2021, 55 new researchers reported vulnerabilities.
Researchers attributed the 76% increase in vulnerabilities disclosed by internal vendor research to “a maturing industry and discipline around vulnerability research” and said it showed that vendors are allocating more resources to securing their products.
Just under two-thirds of the vulnerabilities (63%) disclosed may be exploited remotely through a network attack vector.
Researchers found that the leading potential impact of the vulnerabilities is remote code execution (prevalent in 53% of vulnerabilities), followed by denial-of-service conditions (42%), bypassing protection mechanisms (37%) and allowing the adversary to read application data (33%).
Preminger said: “High-profile cyber incidents in 2H 2021 such as the Tardigrade malware, the Log4j vulnerability and the ransomware attack on NEW Cooperative show the fragility of these networks, stressing the need for security research community collaboration to discover and disclose new vulnerabilities.”