Last week, Team82 published the inaugural installment of its new Biannual ICS Risk & Vulnerability Report, which offers an in-depth assessment of all ICS vulnerabilities disclosed during the first half of the year (1H 2020), the challenges they pose to security practitioners, and what conclusions can be drawn from publicly available data. For more insight into the report's research findings and the implications for those tasked with defending OT environments, join Claroty Chief Product Officer Grant Geyer for our upcoming webinar to be held this Thursday, Aug. 27, at 10 a.m. EST.
The infographics below offer some visual perspective into key statistics from the Claroty Biannual ICS Risk & Vulnerability Report, 1H 2020, which will be discussed in greater detail during the webinar:
The webinar will also offer additional insights into the vendors, products, sectors, and regions most affected by recently discovered ICS vulnerabilities, potential impacts and other characteristics of these vulnerabilities, and how the ICS risk & vulnerability landscape has changed since 1H 2019.
CWE-35 Path Traversal:
011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
CyberData recommends users update to v22.0.1
CVSS v3: 9.8
CWE-522 Insufficiently Protected Credentials:
011209 Intercom does not properly store or protect web server admin credentials.
CyberData recommends users update to v22.0.1
CVSS v3: 7.5
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'):
011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
CyberData recommends users update to v22.0.1
CVSS v3: 5.3
CWE-306 Missing Authentication for Critical Function:
011209 Intercom exposes features that could allow an unauthenticated user to gain access and cause a denial-of-service condition or system disruption.
CyberData recommends users update to v22.0.1
CVSS v3: 7.5
CWE-288 Authentication Bypass Using an Alternate Path or Channel:
011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CyberData recommends users update to v22.0.1
CVSS v3: 9.8