CHANDLER, Ariz., Jan. 19, 2023 /PRNewswire/ — SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring firm, introduced immediately the discharge of the corporate’s second Industrial Management Methods (ICS) Vulnerabilities & CVEs Report. The report analyzes the 920+ CVEs launched by CISA within the second half of 2022 to find out the next:
- Who’s reporting the vulnerabilities?
- What remediations (if any) can be found?
- What are the severity ranges and potential impacts?
- How does the info evaluate to the CVEs reported within the first half of the yr?
“Yr after yr, there’s a deluge of vulnerability disclosures in industrial management techniques, usually creating nervousness because the safety neighborhood makes an attempt to patch or remediate every level of publicity — an inconceivable feat,” mentioned Ron Fabela, CTO of SynSaber. “Our aim with this report is to research the 920+ CVEs, and collect insights for the ICS trade relating to which CVEs ought to be taken most significantly and which will be accepted as part of the group’s threat administration technique.”
Key Findings:
- For the CVEs reported within the second half of 2022, 35% haven’t any patch or remediation at present out there from the seller (up from 13% within the first half of the yr)
- Whereas 56% of the CVEs have been reported by the Unique Tools Producer (OEM), 43% have been submitted by safety distributors and unbiased researchers (these figures had been in step with the primary half of 2022)
- 28% of the CVEs require native or bodily entry to the system to be able to exploit (up from 23% in the course of the first half of 2022)
- Of the CVEs reported within the second half of 2022, 22% can and ought to be prioritized and addressed first (with group and vendor planning)
The amount of CVEs reported by way of CISA ICS Advisories and different entities isn’t more likely to lower. It is necessary for asset homeowners and people defending vital infrastructure to grasp when remediations can be found, and the way these remediations ought to be carried out and prioritized.
For extra data on the report, please go to: https://synsaber.com/sources/ics-vulnerabilities-and-cves-second-half-2022/
About SynSaber:
SynSaber is the easy, versatile, and scalable industrial asset and community monitoring resolution that gives steady perception into the standing, vulnerabilities, and threats throughout each level within the industrial ecosystem, empowering operators to watch, detect and defend OT/IT techniques and shield vital infrastructure. SynSaber is privately held with funding from SYN Ventures, Rally Ventures, and Cyber Mentor Fund. Be taught extra at SynSaber.com.
SOURCE SynSaber
