Softpedia >News >Security
Softpedia Homepage   

More Than 600 ICS Flaws Spotted in H1 2021

A study by Claroty, a company specialising in industrial cyber security, reveals disturbing results about ICS products

Aug 21, 2021 06:31 GMT  ·  By
More Than 600 ICS Flaws Spotted in H1 2021
   More Than 600 ICS Flaws Spotted in H1 2021

In the first six months of this year, 600 vulnerabilities were discovered in ICS products (Industrial Control Systems), impacting 76 vendors. The number of vulnerabilities increased by 41% in the same period, according to Claroty's ICS Risk & Vulnerability Report: H1 2021

As the need to connect devices to the internet increases, so does the risk of being attacked by cybercriminals. Companies need to drive their business and invest in Operational Technology (OT) devices, and threat actors are using this growth to their advantage, seeking to launch hacking campaigns by taking advantage of companies that have vulnerable IT systems.

Advantech (22), WAGO (23), Rockwell Automation (35), Schneider Electric (65) and Siemens (146 vulnerabilities) are the most affected manufacturers. An important aspect is that the list of affected manufacturers also includes 20 companies whose products were not affected by any of the bugs reported last year.

Amir Preminger, vice president of research at Claroty stated “As more enterprises are modernizing their industrial processes by connecting them to the cloud, they are also giving threat actors more ways to compromise industrial operations through ransomware and extortion attacks”.

"The recent cyber attacks on Colonial Pipeline, JBS Foods, and the Oldmsar, Florida water treatment facility have not only shown the fragility of critical infrastructure and manufacturing environments that are exposed to the internet, but have also inspired more security researchers to focus their efforts on ICS specifically”.

The following are the main results of the study: 

  • The difference between vulnerabilities found in H1 2021 and H2 2020 is 151 more this year 
  • Of all vulnerabilities, 81% were found by non-vendor sources, including diverse research organizations, independent researchers, third-party corporations, and academics 
  • Most of the vulnerabilities were critically or highly rated and constituted a severe danger to industrial control systems 
  • The majority of the vulnerabilities, 90%, were discovered to be exploitable without the need for any specialized knowledge 
  • Only 61% of the vulnerabilities were exploitable from a distant location 
  • It was possible to exploit 66% of the vulnerabilities without the need user interaction
  • 74% of the vulnerabilities did not necessitate the use of administrative rights