SynSaber OT/ICS Vulnerabilities Report For 1H 2023 Is Out

New data from client SynSaber in association with The CS Advisory Project identifies and evaluates trends in Common Vulnerabilities and Exposures (CVEs) showcasing what OT and ICS asset owners need to be aware of.  

A couple key findings from the report include: 

  • For the CVEs reported in the first half of 2023, about 1/3 have no patch or remediation currently available from the vendor (significantly up from the first half of 2022)
  • Critical manufacturing (37.3% of total reported CVEs) and Energy (24.3% of the total reported) sectors are the most likely to be affected
  • Forever-Day vulnerabilities remain an issue – six CISA Advisories identified for ICS vendor products that reached end of life with “critical” severity vulnerabilities have no update, patch, hardware/software/ firmware updates, or known workarounds.

You can read the report here.

Leave a Reply

%d bloggers like this: