Industrial plants and critical infrastructures (KRITIS) increasingly vulnerable to remote attacks

On the one hand, the need for remote access to industrial networks is increasing during COVID-19. The other side of the coin: energy supply, critical production and water supply are particularly affected by attacks.


More than 70 percent of the vulnerabilities of industrial control systems (ICS) discovered in the first half of 2020 can be exploited remotely. This is shown in the first semi-annual ICS Risk & Vulnerability Report (requires registration) by industrial cybersecurity specialist Claroty, underlining the importance of protecting Internet-enabled ICS devices and remote access connections.

The report includes the Claroty Research Team's assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 warnings issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) from January to June 2020. 26 of the vulnerabilities contained in this data set were discovered by the Claroty Research Team. Compared with the first half of 2019, the number of vulnerabilities published by the NVD increased by 10.3%, while the number of ICS-CERT warnings increased by 32.4%. Three-quarters of the vulnerabilities are rated with a high or critical CVSS score.

(Vulnerabilities in industrial control systems, source: Claroty)

"We are seeing a growing awareness of the risks posed by weaknesses in industrial control systems. Researchers and vendors are increasingly focusing on identifying and fixing them as effectively and efficiently as possible," says Amir Preminger, VP of Research at Claroty. "With our report we want to present a comprehensive picture of the risk and threat landscape. Ultimately, all those responsible for OT security can benefit from this. Our findings show how important it is for companies to protect remote access connections and ICS devices with Internet access. Equally important is protection against phishing, spam and ransomware. This is the only way to minimize the potential impact of these threats."

Need to protect Internet-connected ICS devices

According to the report, more than 70 percent of published vulnerabilities can be exploited remotely. Nearly half of the vulnerabilities (49%) also allow remote code execution (RCE), followed by the ability to read application data (41%), cause denial of service (DoS) (39%) and bypass protection mechanisms (37%). Remote exploitability is becoming increasingly important because of the COVID-19-related trend towards remote work in the industrial sector and the growing dependence on remote access to ICS networks.


Vulnerabilities in energy supply, critical production and water supply

The energy, critical manufacturing, and water and wastewater infrastructure sectors were by far the most affected by the vulnerabilities. Of the 385 Common Vulnerabilities and Exposures (CVEs) identified in the ICS-CERT warnings, 236 were in the energy sector, 197 in critical manufacturing industries and 171 in the water and wastewater sector. Compared to the first half of 2019, water and wastewater showed the largest increase at 122.1 percent, while critical manufacturing increased by 87.3 percent and the energy sector by 58.9 percent. The number of security gaps is therefore increasing.

Assessment of ICS vulnerabilities discovered by Claroty

The Claroty research team discovered a total of 26 ICS vulnerabilities in the first half of 2020. They prioritized critical or high-risk vulnerabilities that could affect the availability, reliability and security of industrial operations.

(Vulnerabilities found, Source: Claroty)

The team focused on ICS vendors and products that have a large installed base and play an important role in production processes. The 26 identified vulnerabilities could have a serious impact on affected OT networks, especially as more than 60 percent of them allow remote code execution. For many of the vendors affected by Claroty's discoveries, this was their first reported vulnerability. They subsequently created dedicated security teams and processes to address the increasing number of vulnerabilities discovered due to the convergence of IT and OT.

The Claroty research team is comprised of OT security researchers who develop proprietary OT threat signatures, analyze OT logs, and identify and disclose ICS vulnerabilities. It has the industry's most comprehensive ICS testing laboratory and works closely with leading industrial automation vendors to evaluate the security of their products. To date, the team has discovered and disclosed more than 40 ICS vulnerabilities. The team works closely with a variety of vendors to fix all reported issues.
