FireEye reveals 1,600 industrial vulnerabilities since 2000
The flaws affect the reliable operation of sensors, programmable controllers, software and networking equipment of industry


FireEye has revealed there have been 1,600 vulnerabilities impacting industrial control systems (ICS) since 2000, potentially preventing the manufacturing business from running smoothly.
These vulnerabilities have affected a range of ICS components including sensors, programmable controllers, software and networking equipment used to automate and monitor the physical processes of industry.
The report released by FireEye described the lessons learnt in the last 15 years, which exposed many of the vulnerabilities uncovered cannot be fixed or patched because they are using outdated technology. Of the 1,600 flaws, a third are zero-days and have no vendor fixes, presenting a big opportunity for criminals to break in.
Additionally, the report revealed more than half of the flaws since 2013 are 'level 2' compromises, which relate to the operation of machinery. Hacks into these systems could result in the modification of controlled processes.
"To make matters worse, many of these vulnerabilities are left unpatched and some are simply unpatchable due to outdated technology, thus increasing the attack surface for potential adversaries," FireEye researchers Sean McBride, Jeffrey Ashcraft and Nathan Belk said in a blog post. "In fact, nation-state cyber threat actors have exploited five of these vulnerabilities in attacks since 2009."
FireEye said that 90 per cent of the vulnerabilities tracked appeared in the last five years and the company thinks this will grow as more ICS become the target of vulnerabilities.
"Unfortunately, security personnel from manufacturing, energy, water and other industries are often unaware of their own control system assets, not to mention the vulnerabilities that affect them," FireEye continued. "As a result, organisations operating these systems are missing the warnings and leaving their industrial environments exposed to potential threats."
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.
-
Despite the hype, cybersecurity teams are still taking a cautious approach to using AI tools
News Research from ISC2 shows the appetite for AI tools in cybersecurity is growing, but professionals are taking a far more cautious approach than other industries.
-
A new, silent social engineering attack is being used by hackers
News Security researchers have warned the 'FileFix' technique, which builds on the notorious 'ClickFix' tactic, is being used in the wild by threat actors.