ICS vulnerabilities: Insights from advisories, how CVEs are reported


SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report.

In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings:

  • For the CVEs reported in the second half of 2022, 35% have no patch or remediation currently available from the vendor (up from 13% in the first half of the year)
  • While 56% of the CVEs have been reported by the Original Equipment Manufacturer (OEM), 43% have been submitted by security vendors and independent researchers (these figures were consistent with the first half of 2022)
  • 28% of the CVEs require local or physical access to the system to be exploited (up from 23% during the first half of 2022)
  • Of the CVEs reported in the second half of 2022, 22% can and should be prioritized and addressed first (with organization and vendor planning)


