Industrial Control System Vulnerabilities Hit Record Highs

Key Points:

• Record high vulnerabilities in industrial control systems (ICS) with over 500 advisories published in 2025, marking a significant increase in severity and volume.
• Critical sectors affected include manufacturing, energy, transportation, and healthcare, with many vulnerabilities lacking associated advisories from CISA, leading to a visibility gap.
• Recommended actions include enhancing regulatory pressure, fostering industry collaboration, increasing vendor accountability, and promoting proactive security measures.

Technical Details: In 2025, there were 2155 CVEs published across 508 ICS advisories, with an average CVSS score exceeding 8.0. A concerning trend is that only 22% of these vulnerabilities had an associated ICSA from CISA.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned