Claroty Biannual ICS Risk & Vulnerability Report: 1H 2020
This report details The Claroty Research Team’s assessment of all industrial control system (ICS) vulnerabilities disclosed during the first half of the year (1H 2020), the challenges they pose to security practitioners, and what conclusions can be drawn from publicly available data.
Key findings of the report reveal the most-affected vendors, products, sectors, and regions; the most prevalent criticality scores, attack vectors, impacts, and other characteristics of these vulnerabilities; and how the ICS risk & vulnerability landscape has changed since 1H 2019.
- Energy, critical manufacturing, and water & wastewater are the infrastructure sectors most affected by the 365 ICS vulnerabilities disclosed by the NVD in 1H 2020
- 76% of these vulnerabilities have high or critical CVSS severity ratings, and 70% can be exploited remotely via a network attack vector
- The five most prevalent CWEs among these vulnerabilities all rank highly on MITRE’s Most Dangerous Software Errors list due to their ease of exploitation and ability to seriously compromise the availability, reliability, and/or safety of industrial systems