The Cyber Security News

Over a Third of Recent ICS Bugs Still Have No Vendor Patch

January 19, 2023

Industrial control system (ICS) operators are being let down by their vendors, after new research found that 35% of CVEs published in the second half of 2022 still have no available patch.

SynSaber’s ICS Vulnerabilities report for H2 2022 analyzed the 926 CVEs reported via Cybersecurity and Infrastructure Security Agency (CISA) ICS Advisories in the second half of 2022.

It found that, not only have ICS asset owners had to contend with an increase in published CVEs – up 36% from the 681 reported in the first half of the year – but in many cases their systems are exposed due to a lack of vendor updates.


SynSaber argued that delays are usually due to the fact that “Original Equipment Manufacturer (OEM) sellers normally have rigorous patch testing, approval and installation procedures.”

However, even when patches are available, ICS asset owners can struggle to update systems in a timely manner.

“Operators must contemplate interoperability and guarantee limitations to environment-extensive adjustments in addition to waiting around for the upcoming servicing cycle,” the report argued.

On a more positive note, SynSaber claimed that just a fifth (22%) of the CVEs published in the second half of 2022 should be prioritized for patching, down from 41% in the prior six months.

That is down in part to the likelihood of exploitation: it claimed around 11% of CVEs published in H2 2022 require local and user interaction for successful exploitation, while 25% require user interaction regardless of network availability.

Patching is critically important, given the uptick in threats targeting critical infrastructure sectors which run ICS equipment, driven in part by the war in Ukraine.

Nozomi Networks claimed in a new report that manufacturing and energy were the most vulnerable industries in the second half of 2022, followed by water/wastewater, healthcare and transportation systems.

The company said its honeypots detected 5000 attacks on operational technology (OT) and IoT devices in each of July, October and December.

“Railways, in particular, have been subject to attacks, leading to the implementation of actions developed to protect rail operators and their belongings,” explained the vendor’s OT/IoT security research evangelist, Roya Gordon.

“As cyber-threats evolve and intensify, it is significant for corporations to have an understanding of how threat actors are concentrating on OT/IoT and the steps expected to protect critical assets from menace actors.”


Some elements of this report are sourced from:
www.infosecurity-magazine.com

Copyright © TheCyberSecurity.News, All Rights Reserved.