Seven in 10 security vulnerabilities affecting industrial control systems (ICS) can be exploited remotely, giving state-sponsored malicious actors a leg up, according to a new report. The risk has been exacerbated by the increased reliance on remote access to ICS networks amid the COVID-19 pandemic, researchers say.
The ICS Risk & Vulnerability Report released this week by Claroty covers an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors.
Compared to the first half of 2019, ICS vulnerabilities published by the NVD this year increased 10.3% from 331, while ICS-CERT advisories rose 32.4% from 105. More than 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System scores.
In a key finding, the report mentions that more than 70% of the vulnerabilities published by the NVD can be exploited remotely, while the most common potential impact is remote code execution, possible with 49% of the vulnerabilities, followed by the ability to read application data, with 41%, cause denial of service, with 39%, and bypass protection mechanisms, in 37% of cases.
Vulnerabilities in critical manufacturing and energy, water and wastewater sectors are on the rise. Of the 385 unique CVEs included in the advisories, energy accounted for 236, critical manufacturing for 197, and water & wastewater for 171. Water & wastewater experienced the largest increase of CVEs, at122.1%, compared to the first half of 2019, while critical manufacturing increased by 87.3% and energy by 58.9%.
State-sponsored malicious actors have historically used remotely-exploitable flaws to disrupt critical systems in rival nations. Yet, fully air-gapped ICS networks isolated from external threats have become very uncommon. According to the report, the prominence of remote exploitation has been exacerbated by the global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic.