The figures come from a new report produced by the US industrial asset and network monitoring company, SynSaber, in collaboration with the ICS Advisory Project – an open-source project that provides data from the US Department of Homeland Security’s CISA (Cybersecurity & Infrastructure Security Agency) ICS Advisories visualised a dashboards for use by the OT/ICS community.
The report analyses the Common Vulnerabilities and Exposures (CVEs) reported via CISA ICS Advisories in the first half of 2023, provides insight and identifies trends in the sector, while comparing the first half of 2023 to previous years.
CISA reported a total of 670 CVEs in the first half of this year compared to 681 in 2022. Of these, 88 were rated as being of “critical” severity, 349 as “high”, 215 as “medium”, and 18 as “low”.
Manufacturing and energy were the two critical infrastructure sectors most likely to be impacted by the CVEs reported during the first half of 2023, accounting for 37.3% and 24.3% of the CISA advisories, respectively.
Siemens products received the largest number of CISA advisories (41) of any ICS manufacturer during the first half of 2023.
The total number of advisories issued by CISA for ICS vendors, and their severity. Source: ICS Advisory Project dashboard
“The number of CVEs reported is likely to continue increasing over time or at least remain steady,” predicts SynSaber’s co-founder and CEO, Jori VanAntwerp. “It is our hope that this research helps asset owners prioritise when and how to mitigate vulnerabilities.”
ICS Advisory Project: Twitter
CISA: Twitter LinkedIn Facebook
