The new State of XIoT Security Report: 2H 2022 shows that 71 percent of vulnerabilities were rated with a CVSS v3 score of "critical" (9.0-10) or "high" (7.0-8.9). Almost two-thirds of XIoT vulnerabilities can be exploited remotely.
Vulnerabilities in cyber-physical systems that became known in the second half of 2022 have decreased by 14 percent since the peak in the second half of 2021. At the same time, vulnerabilities discovered by internal research and product security teams have increased by 80 percent over the same period.
Sharp increase in XIoT vulnerabilities
This is shown by the new State of XIoT Security Report: 2H 2022 from Claroty, a specialist in the security of cyber-physical systems (CPS). These results suggest that security researchers have a positive impact on strengthening the security of the Extended Internet of Things (XIoT), which ranges from operational technology (OT) to (I)IoT systems such as sensors or surveillance cameras to medical devices. It is also becoming clear that XIoT vendors are devoting more resources to testing the security of their products than ever before.
Compiled by Claroty's award-winning research team, Team82, the sixth biannual State of XIoT Security Report provides an in-depth investigation and analysis of vulnerabilities affecting the XIoT, including operational technology and industrial control systems (OT/ICS), the Internet of Medical Things (IoMT), building management systems and enterprise IoT. The report includes vulnerabilities discovered in the second half of 2022 by Team82 and from trusted open sources such as the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), [email protected], MITRE and the industrial automation manufacturers Schneider Electric and Siemens.
The most important report results
- Affected devices: 62 percent of published OT vulnerabilities affect Level 3 devices of the Purdue Model for Industrial Control Systems. These devices control production processes and represent important interfaces between IT and OT networks, which makes them very attractive to attackers.
- Severity: 71 percent of vulnerabilities received a CVSS v3 score of critical (9.0-10) or high (7.0-8.9). This reflects the tendency of security researchers to focus on identifying vulnerabilities with the greatest potential impact in order to achieve maximum mitigation. In addition, four of the report's top five vulnerabilities are also among the top five of MITRE's 25 Most Dangerous Software Vulnerabilities of 2022, which are relatively easy to exploit and allow attackers to disrupt system availability and service delivery.
- Attack vectors: 63 percent of vulnerabilities can be exploited remotely, meaning an attacker does not need local, adjacent, or physical access to the affected device to exploit the vulnerability.
- Effects: The highest potential impact is unauthorized remote code or command execution (accounting for 54% of vulnerabilities), followed by denial of service (crash, exit, or reboot) at 43%.
- Remedial Actions: The top remediation measure is network segmentation (recommended in 29% of vulnerability reports), followed by secure remote access (26%) and protection against ransomware, phishing and spam (22%).
- Team82: Team82 reported 65 vulnerabilities in the second half of 2022, 30 of which were rated with a CVSS v3 score of 9.5 or higher. To date, over 400 vulnerabilities have been reported by Claroty's research department.
The full findings, in-depth analysis, and additional measures to protect against unauthorized access and risks can be found in Claroty's semi-annual State of XIoT Security Report: 2H 2022.
About Claroty
Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access, with significantly reduced total cost of ownership.