Last week, Team82 published the inaugural installment of its new Biannual ICS Risk & Vulnerability Report, which offers an in-depth assessment of all ICS vulnerabilities disclosed during the first half of the year (1H 2020), the challenges they pose to security practitioners, and what conclusions can be drawn from publicly available data. For more insight into the report's research findings and the implications for those tasked with defending OT environments, join Claroty Chief Product Officer Grant Geyer for our upcoming webinar to be held this Thursday, Aug. 27, at 10 a.m. EST. Click here to register.
The infographics below offer some visual perspective into key statistics from the Claroty Biannual ICS Risk & Vulnerability Report, 1H 2020, which will be discussed in greater detail during the webinar:
The webinar will also offer additional insights into the vendors, products, sectors, and regions most affected by recently discovered ICS vulnerabilities, potential impacts and other characteristics of these vulnerabilities, and how the ICS risk & vulnerability landscape has changed since 1H 2019.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
