Over a Third of Recent ICS Bugs Still Have No Vendor Patch

From infosecurity-magazine.com

Industrial control system (ICS) operators are being let down by their vendors, after new research revealed that 35% of CVEs published in the second half of 2022 still have no available patch.

SynSaber’s ICS Vulnerabilities report for H2 2022 analyzed the 926 CVEs reported via Cybersecurity and Infrastructure Security Agency (CISA) ICS Advisories in the second half of 2022.

It found that, not only have ICS asset owners had to contend with an increase in published CVEs – up 36% from the 681 reported in the first half of the year – but in many cases their systems are exposed due to a lack of vendor updates.

Read more…