ICS vulnerabilities: Insights from advisories, how CVEs are reported
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report.
In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings:
- For the CVEs reported in the second half of 2022, 35% have no patch or remediation currently available from the vendor (up from 13% in the first half of the year)
- While 56% of the CVEs have been reported by the Original Equipment Manufacturer (OEM), 43% have been submitted by security vendors and independent researchers (these figures were consistent with the first half of 2022)
- 28% of the CVEs require local or physical access to the system in order to be exploited (up from 23% during the first half of 2022)
- Of the CVEs reported in the second half of 2022, 22% can and should be prioritized and addressed first (with organization and vendor planning)