Critical Infrastructure Security

ICS vulnerability prevalence rises

Vulnerabilities in industrial control systems rose from 1,191 in 2021 to 1,342 last year, even though the number of ICS and ICS medical advisories from the Cybersecurity and Infrastructure Security Agency held steady between 2020 and 2022, according to SecurityWeek. Almost 1,000 security flaws reported last year were "critical" or "high" severity, with the number of critical bugs increasing from 186 to about 300 between 2021 and 2022, a SynSaber report revealed. Meanwhile, Siemens accounted for many of the identified ICS flaws last year, with the company having the highest number of self-reported vulnerabilities at 544, compared with second place Hitachi, which had 64 self-reported bugs. "The team at Siemens product security continues to increase its reporting cadence with significant year-over-year growth of nearly 3x. While this does inflate the number of known CVEs that affect Siemens product lines compared to others, this should not be viewed as Siemens products being less secure. On the contrary, a mature and repeatable OEM self-reporting process is something all other OEMs should strive to achieve," said SynSaber.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.