FireEye highlights vulnerabilities in Industrial Control Systems
Since 2000, FireEye has identified 1,600 publicly disclosed vulnerabilities
Cybersecurity firm FireEye has revealed it identified almost 1,600 publicly disclosed Industrial Control Systems (ICS) vulnerabilities since 2000.
Its latest report, "Overload: Critical Lessons from 15 Years of ICS Vulnerabilities", highlights trends in total ICS vulnerability disclosures, patch availability, vulnerable device type and other vulnerabilities exploited by threat actors.
FireEye stated that many of these vulnerabilities are left unpatched and some are simply beyond restoration due to outdated technology, which in effect increases the attack surface for potential adversaries. Furthermore, nation-state cyber threat actors have exploited five of these vulnerabilities in attacks in since 2009.
Other key findings reveal that ICS vulnerability disclosures surged 49% between 2014 and 2015, 33% of vulnerabilities encountered by industrial environments had no vendor fixes and 123 vendors were affected by vulnerability disclosures.
In the past, such vulnerabilities has hit electric grids, water supplies and production lines, plus security personnel from manufacturing, energy, water and other industries are often unaware of their own control system assets and what may affect them, leaving them exposed to potential threats.