FireEye reveals 1,600 industrial vulnerabilities since 2000

The flaws affect the reliable operation of sensors, programmable controllers, software and networking equipment of industry

FireEye has revealed there have been 1,600 vulnerabilities impacting industrial control systems (ICS) since 2000, potentially preventing the manufacturing business from running smoothly.

These vulnerabilities have affected a range of ICS components including sensors, programmable controllers, software and networking equipment used to automate and monitor the physical processes of industry.

The report released by FireEye described the lessons learnt in the last 15 years, which exposed many of the vulnerabilities uncovered cannot be fixed or patched because they are using outdated technology. Of the 1,600 flaws, a third are zero-days and have no vendor fixes, presenting a big opportunity for criminals to break in.

Additionally, the report revealed more than half of the flaws since 2013 are 'level 2' compromises, which relate to the operation of machinery. Hacks into these systems could result in the modification of controlled processes.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"To make matters worse, many of these vulnerabilities are left unpatched and some are simply unpatchable due to outdated technology, thus increasing the attack surface for potential adversaries," FireEye researchers Sean McBride, Jeffrey Ashcraft and Nathan Belk said in a blog post. "In fact, nation-state cyber threat actors have exploited five of these vulnerabilities in attacks since 2009."

FireEye said that 90 per cent of the vulnerabilities tracked appeared in the last five years and the company thinks this will grow as more ICS become the target of vulnerabilities.

"Unfortunately, security personnel from manufacturing, energy, water and other industries are often unaware of their own control system assets, not to mention the vulnerabilities that affect them," FireEye continued. "As a result, organisations operating these systems are missing the warnings and leaving their industrial environments exposed to potential threats."

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/microsoft-windows/354789/microsoft-pulls-disastrous-windows-10-security-update
Microsoft Windows

Microsoft pulls disastrous Windows 10 security update

17 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020