The Cybersecurity and Infrastructure Security Agency (CISA) and several other global cybersecurity agencies recently released an advisory identifying 2023’s Top Routinely Exploited Vulnerabilities. Of the 47 vulnerabilities listed—all of which appear in CISA’s Known Exploited Vulnerabilities (KEV) Catalog—more than half impact extended internet of things (XIoT) devices, including network infrastructure, edge devices, and programmable logic controllers (PLCs).
This trend underscores the increasing focus of attackers on XIoT devices, presenting a clear call to action for organizations to enhance their security measures.
Understanding the KEV Catalog and Its Importance
The NetRise Platform integrates with the KEV Catalog to prioritize vulnerabilities in software artifacts. As a refresher, CISA outlines the Catalog’s purpose as follows:
“Known exploited vulnerabilities should be the top priority for remediation. Based on a study of historical vulnerability data dating back to 2019, less than 4% of all known vulnerabilities have been used by attackers in the wild. Rather than have agencies focus on thousands of vulnerabilities that may never be used in a real-world attack, BOD-22-01 shifts the focus to those vulnerabilities that are active threats.”
By focusing on actively exploited vulnerabilities, organizations can maximize the impact of their remediation efforts.
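As an added illustration of KEV-based prioritization (example code written for this page, not NetRise's platform code or CISA tooling), the script below takes constructed scanner findings for one firmware image plus a constructed catalog fragment laid out with the field names of CISA's published KEV JSON feed (cveID, dateAdded, dueDate; the CVE identifiers and vendor names are placeholders) and orders the findings so that catalog entries, overdue ones first, outrank anything ranked purely by CVSS score; it also reports how long each entry has sat in the catalog.

```python
import json
from datetime import date

# Constructed catalog fragment in the shape of CISA's KEV JSON feed.
# CVE IDs and vendor/product names are placeholders, not real entries.
KEV_FEED = json.loads("""
{"title": "KEV catalog (constructed sample)", "catalogVersion": "sample",
 "dateReleased": "2024-11-15T00:00:00.0000Z", "count": 2,
 "vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "EdgeRouter",
   "dateAdded": "2022-03-01", "dueDate": "2022-03-22", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "PLC firmware",
   "dateAdded": "2024-11-01", "dueDate": "2024-11-22", "knownRansomwareCampaignUse": "Unknown"}
 ]}
""")

# Constructed findings for one firmware image: (CVE ID, CVSS base score).
# Note that the highest CVSS score belongs to a CVE that is NOT in the catalog.
FINDINGS = [("CVE-0000-0003", 9.8), ("CVE-0000-0002", 6.5),
            ("CVE-0000-0001", 7.2), ("CVE-0000-0004", 5.0)]


def kev_index(feed):
    """Map cveID -> catalog entry for constant-time membership checks."""
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def prioritize(findings, feed, today_iso):
    """Order findings KEV-first: catalog entries by earliest dueDate (so overdue
    ones lead), then non-catalog findings by descending CVSS score."""
    today = date.fromisoformat(today_iso)
    kev = kev_index(feed)
    rows = []
    for cve, cvss in findings:
        entry = kev.get(cve)
        row = {"cve": cve, "cvss": cvss, "kev": entry is not None,
               "overdue": False, "due": None, "days_in_kev": None}
        if entry is not None:
            row["due"] = date.fromisoformat(entry["dueDate"])
            row["overdue"] = today > row["due"]
            row["days_in_kev"] = (today - date.fromisoformat(entry["dateAdded"])).days
        rows.append(row)
    # Sort key: non-KEV after KEV; KEV by dueDate; ties and non-KEV by CVSS desc.
    rows.sort(key=lambda r: (not r["kev"], r["due"] or date.max, -r["cvss"]))
    return rows


if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_FEED, "2024-11-15"):
        flag = "KEV overdue" if r["overdue"] else ("KEV" if r["kev"] else "not in KEV")
        print(f'{r["cve"]}  CVSS {r["cvss"]:<4}  {flag}  days in catalog: {r["days_in_kev"]}')
```

A real deployment would load the live feed from CISA's site and feed in CVEs drawn from an SBOM rather than the constructed lists above.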
XIoT Devices: A Growing Target
While the KEV Catalog spans a broad range of software, vulnerabilities affecting XIoT devices are increasingly prevalent:
- In 2022, approximately 30% of CVEs in the KEV Catalog impacted XIoT devices or software components commonly used by these devices.
- By 2023, this number grew to 34%, and as of November 2024, it stands at 35%.
This steady rise highlights the urgent need for visibility into these devices and their associated software.
Zero-Day Exploits: A Troubling Trend
The 2023 advisory revealed a concerning development:
“In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, an increase from 2022, when less than half were zero-days.”
This trend has two significant implications:
- Longstanding Vulnerabilities Persist: Despite the rise in zero-day exploits, many vulnerabilities in the KEV Catalog have been known for years. In 2024, 37% of vulnerabilities affecting XIoT devices were discovered more than a year ago. These older vulnerabilities represent a critical opportunity for remediation and risk reduction.
- XIoT Devices Remain Prime Targets: Malicious actors continue to target XIoT, network, and edge devices to establish footholds within their targets. Now more than ever, organizations must gain a comprehensive understanding of their device inventories and the software running on them.
How the NetRise Platform Helps
The NetRise Platform provides the tools and insights organizations need to secure their XIoT environments. Key capabilities include:
- Software Bill of Materials (SBOM) Generation: Gain detailed visibility into software components, even in compiled binaries.
- Vulnerability Prioritization: Move beyond traditional CVSS scores by incorporating insights from the KEV Catalog and identifying the most critical threats.
- Risky Code Identification: Detect misconfigurations, embedded credentials, and other risks hidden in compiled code.
NetRise is a one-stop solution for Asset Owners and Manufacturers to secure all types of compiled code, helping organizations stay ahead of the evolving threat landscape.
Stay Ahead of the Threats
The growing prevalence of exploited vulnerabilities in XIoT devices requires proactive measures. With the NetRise Platform, your organization can achieve the visibility, prioritization, and risk management needed to safeguard its systems.
Schedule a demo today and see how NetRise can transform your vulnerability management strategy.