April 7, 2023 HAWKEYE

Rise in ICS Vulnerabilities

Due to concerns about interoperability, high uptime requirements, and occasionally the age of devices, patching vulnerabilities in industrial contexts has always been difficult.


A recent investigation found that for one-third of vulnerabilities, there are no patches or any viable fixes. An analysis by SynSaber, a security firm that specializes in industrial asset and network monitoring, found that 35% of the 926 CVEs—unique vulnerability identifiers—included in ICS advisories from the US Cybersecurity and Infrastructure Security Agency (CISA) during the second half of 2022 had no patch or remediation available from the vendor.

The number of CVEs (common vulnerabilities and exposures) revealed via ICS advisories has grown yearly, according to SynSaber. Increased attempts to secure the ICS systems essential to the country’s energy, manufacturing, water, and transportation infrastructure are seen in the growing number of documented vulnerabilities.

Industrial Control System

The phrase “industrial control system” (ICS) refers to a variety of control systems and related instrumentation, including the equipment, networks, systems, and controls needed to operate and/or automate industrial processes. Each ICS operates differently and is designed to effectively manage duties electronically depending on the industry. Today, almost every industrial sector and important infrastructure, including those in manufacturing, transportation, energy, and water treatment, use the equipment and protocols found in an ICS.

The hardware and software systems that monitor and manage actual physical devices in the field are operational technology (OT) variables. Every industry has different OT responsibilities. OT devices include, for instance, equipment that measures temperature in industrial settings.

The integration and visibility of the supply chain, including vital assets, logistics, plans, and operational procedures, are improved for businesses thanks to the convergence of IT and OT. Having a clear understanding of the supply chain helps businesses stay competitive. On the other hand, the integration of OT and IT makes it simpler for cyber criminals to access these two components, which are targets. OT infrastructure is, at best, inadequately safeguarded against cyberattacks in many enterprises.

ICS Vulnerabilities

In marked contrast to the 23 medical ICS CVEs, the CISA warnings found 1342 ICS (industrial control system) CVEs for 2022, according to SynSaber. There were 550 ICS CVEs and 79 medical ICS CVEs in 2020, compared to 1191 ICS CVEs and 87 medical ICS CVEs in 2021, representing an increase of 144% from 2020 to 2022. According to the research, CISA advisory numbers have continued to rise, with CISA ICS CVEs rising by 67.3 percent in 2020–2021 and by 2 percent in 2021–2022, respectively. There is presently no patch or fix available for 21.2 percent of the CVEs identified in ICS advisories for the past three years.

From 186 in 2021 to nearly 300 in 2022, the number of vulnerabilities labeled “critical” has climbed even more sharply. According to their CVSS score, a total of roughly 1,000 vulnerabilities are classified as “serious” or “high severity.”

The number of “forever-day vulnerabilities,” or defects that are likely to never receive patches, surged to 28% in 2022, up from 14% in 2021, according to data for the previous three years.

The trend can be concerning at a time when attacks on industrial equipment operators across numerous industries are on the rise. It is far from appropriate to simply enumerate vulnerabilities without considering their impact and possibility of exploitation. Comparatively, out of a considerably smaller total of 681, there were 13% of unpatched ICS faults in the first half of the year.

Out-of-bounds writes and out-of-bounds reads were the most often occurring flaws (CWEs) connected to CVEs in CISA advisories between July and December 2022, according to a new analysis from ICS and IoT security company Nozomi Networks. These vulnerabilities round out the top 8:

  • Improper input validation (CWE-20)
  • Improper neutralization of input during web page generation aka cross-site scripting (CWE-79)
  • Improper limitation of a pathname to a restricted directory also known as path traversal (CWE-22)
  • Improper access control (CWE-284)
  • Missing authentication for critical function (CWE-306)
  • Use of hard-coded credentials (CWE-798)
  • Improper neutralization of special elements used in a SQL command (CWE-89)
  • Stack-based buffer overflow (CWE-121)

ICS Threats

In the past, sophisticated cyberespionage or cyber sabotage groups that were frequently connected to national governments and their intelligence services frequently targeted ICS environments. Yet established cybercrime organizations, like ransomware gangs and hacktivists, are also increasingly focusing on crucial healthcare and manufacturing firms, which could result in interruptions in assets regarded as essential infrastructure.

In 2022, 37% of important industrial businesses reported malware infestations, up from 2021, according to SecurityScorecard. Malware falls into a variety of kinds, each with a unique function and distribution strategy. In the previous six months, Trojans, Remote Access Tools (RATs), and DDoS malware all targeted OT and IoT devices, respectively. Trojans were the most prevalent malware found to attack enterprise networks.

How HawkEye can help with ICS Security

With extensive knowledge and experience in Industrial Control System Cyber Security, HAWKEYE powered by DTS managed CSOC as a Service, helps you comprehend the cyber security risks in your Industrial Control System / Operational Technology environment by providing monitoring services either in real-time, at predetermined intervals, or on-demand.

In order to secure critical infrastructure, HAWKEYE has created the ICS / OT Cyber Security Monitoring Use Cases based on the ICS MITRE ATT&CK Model. Our tools and techniques for creating monitoring controls within your OT environment will provide CISO / ICS Cyber Security Specialists and OT Operations Team with unparalleled visibility into the security posture of your industrial networks that have never been seen before.

, , ,


We welcome you to contact us for more information
about HAWKEYE - SOC As A Service.