70 percent of XIoT vulnerabilities critical or high


The new State of XIoT Security Report: 2H 2022 shows that 71 percent of vulnerabilities were rated with a CVSS v3 score of “critical” (9.0-10) or “high” (7.0-8.9). Almost two-thirds of XIoT vulnerabilities can be exploited remotely.

Vulnerabilities in cyber-physical systems disclosed in the second half of 2022 have decreased by 14 percent since the peak in the second half of 2021. At the same time, vulnerabilities discovered by internal research and product security teams have increased by 80 percent over the same period.


Sharp increase in XIoT vulnerabilities

These are the findings of the new State of XIoT Security Report: 2H 2022 from Claroty, a specialist in the security of cyber-physical systems (CPS). The results suggest that security researchers are having a positive impact on strengthening the security of the Extended Internet of Things (XIoT), which ranges from operational technology (OT) to (I)IoT systems such as sensors or surveillance cameras to medical devices. It is also becoming clear that XIoT vendors are devoting more resources than ever before to testing the security of their products.

Compiled by Claroty's award-winning research team, Team82, the sixth biannual State of XIoT Security Report provides an in-depth investigation and analysis of vulnerabilities affecting the XIoT, including operational technology and industrial control systems (OT/ICS), the Internet of Medical Things (IoMT), building management systems and enterprise IoT. The report includes vulnerabilities discovered in the second half of 2022 by Team82 and from trusted open sources such as the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), [email protected], MITRE and the industrial automation manufacturers Schneider Electric and Siemens.


The most important report results

State of XIoT Security Report Results: 2H 2022 (Image: Claroty).

  • Affected devices: 62 percent of published OT vulnerabilities affect Level 3 devices of the Purdue Model for Industrial Control Systems. These devices control production processes and are important interfaces between IT and OT networks, which makes them very attractive to attackers.
  • Severity: 71 percent of vulnerabilities received a CVSS v3 score of critical (9.0-10) or high (7.0-8.9). This reflects the tendency of security researchers to focus on identifying vulnerabilities with the greatest potential impact in order to achieve maximum mitigation. In addition, four of the report's top five vulnerabilities are also among the top five of MITRE's 25 Most Dangerous Software Vulnerabilities of 2022, which are relatively easy to exploit and allow attackers to disrupt system availability and service delivery.
  • Attack vectors: 63 percent of vulnerabilities can be exploited remotely, meaning an attacker does not need local, neighboring, or physical access to the affected device to exploit the vulnerability.
  • Effects: The highest potential impact is unauthorized remote code or command execution (accounting for 54% of vulnerabilities), followed by denial of service (crash, exit, or reboot) at 43%.
  • Remedial Actions: The top remediation measure is network segmentation (recommended in 29% of vulnerability reports), followed by secure remote access (26%) and protection against ransomware, phishing and spam (22%).
  • Team82: Team82 reported 65 vulnerabilities in the second half of 2022, 30 of which were rated with a CVSS v3 score of 9.5 or higher. To date, over 400 vulnerabilities have been reported by Claroty's research department.

The full findings, in-depth analysis, and additional measures to protect against unauthorized access and risks can be found in Claroty's semi-annual State of XIoT Security Report: 2H 2022.

More at Claroty.com


About Claroty

Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access - with significantly reduced total cost of ownership.

