• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Most Disclosed ICS Vulnerabilities are Low Complexity

You are here: Home / General Cyber Security News / Most Disclosed ICS Vulnerabilities are Low Complexity
March 3, 2022

Industrial handle technique (ICS) vulnerability disclosures have surged, and most vulnerabilities noted are minimal complexity, in accordance to new research by security company Claroty.

The fourth Biannual ICS Risk & Vulnerability Report from Claroty’s Workforce82 found that the volume of disclosures has elevated by 110% in excess of the very last 4 yrs. In the 2nd fifty percent of 2021, 797 vulnerabilities have been revealed, representing a 25% increase from the 637 noted in excess of the very first six months of 2021.

Researchers noted: “87% of vulnerabilities are very low complexity, indicating they really don’t need exclusive problems and an attacker can be expecting repeatable achievement just about every time.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


ICS vulnerabilities are not minimal to operational technology (OT), as just around a 3rd (34%) of disclosures impacted IoT, IoMT and IT assets. 

“As much more cyber-bodily techniques turn out to be linked, accessibility to these networks from the internet and the cloud requires defenders to have well timed, helpful vulnerability details to notify risk selections,” claimed Amir Preminger, vice president of exploration at Claroty. 

“The enhance in digital transformation, merged with converged ICS and IT infrastructure, allows researchers to increase their get the job done beyond OT to the XIoT.

Just about two-thirds (64%) of vulnerabilities call for no person interaction, and 70% do not need specific privileges prior to correctly exploiting a vulnerability.

Half of the vulnerabilities were disclosed by 3rd-party organizations, and most of these have been found out by researchers at cybersecurity providers. In the second half of 2021, 55 new researchers documented vulnerabilities. 

Researchers attributed the 76% improve in vulnerabilities disclosed by interior vendor investigation to “a maturing sector and self-discipline close to vulnerability research” and explained it showed that distributors are allocating much more resources to securing their items.

Just underneath two-thirds of the vulnerabilities (63%) disclosed may be exploited remotely by way of a network attack vector.

Researchers located that the primary opportunity effect of the vulnerabilities is distant code execution (prevalent in 53% of vulnerabilities), adopted by denial-of-company conditions (42%), bypassing security mechanisms (37%) and allowing the adversary to study software information (33%).

Preminger said: “High-profile cyber incidents in 2H 2021 such as the Tardigrade malware, the Log4j vulnerability and the ransomware attack on NEW Cooperative show the fragility of these networks, stressing the will need for security exploration community collaboration to find out and disclose new vulnerabilities.”


Some elements of this posting are sourced from:
www.infosecurity-magazine.com

Previous Post: «phishing campaign targeted those aiding ukraine refugees Phishing Campaign Targeted Those Aiding Ukraine Refugees
Next Post: Cisco patches critical bugs in collaboration products cisco patches critical bugs in collaboration products»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.