
Industrial Control System Vulnerabilities Hit Record Highs
Why It Matters
The surge in high‑severity ICS vulnerabilities threatens the reliability of critical infrastructure, and the shrinking CISA reporting window leaves operators with incomplete threat intelligence.
Key Takeaways
- 2025 saw over 500 ICS security advisories, a record high.
- Average CVSS score rose above 8.0, indicating critical severity.
- Only 22% of 2025 vulnerabilities had CISA ICSA coverage.
- Manufacturing and energy sectors remain most exposed to OT risks.
- Forescout urges regulation, collaboration, and vendor accountability for OT security.
Pulse Analysis
The acceleration of vulnerability disclosures in industrial control systems signals a broader shift in the threat landscape. While the total number of advisories has more than doubled since 2011, the jump in average CVSS scores—from 6.44 a decade ago to over 8.0 this year—means that many flaws are now exploitable at a critical level. This trend is driven by the expanding attack surface of connected field devices, PLCs, and network infrastructure, which are increasingly integrated into enterprise IT environments. Operators must therefore treat OT security with the same rigor applied to traditional IT, investing in continuous monitoring and rapid patching pipelines.
Compounding the technical challenge is a growing information gap. CISA’s historic role as the primary source of ICSA advisories has eroded, with only 22% of 2025 vulnerabilities receiving an official advisory—down sharply from 58% the prior year. The withdrawal of Siemens‑specific updates and the rise of vendor‑specific CERTs have fragmented visibility, leaving many high‑severity issues undocumented in public feeds. This fragmentation hampers risk assessments, as organizations cannot reliably gauge exposure across the 134 vendors that reported untracked flaws. A coordinated, open‑source repository that aggregates vendor disclosures could restore some of the lost transparency.
Industry response must move beyond reactive fixes. Forescout’s call for regulatory pressure, collaborative standards, and vendor accountability aligns with emerging best practices such as mandatory patch timelines and shared threat intelligence platforms. Governments could incentivize rapid remediation through compliance frameworks, while manufacturers should embed security‑by‑design principles to reduce the prevalence of exploitable code. Ultimately, a proactive security culture—where vulnerability management is baked into operational processes—will be essential to safeguard the manufacturing, energy, and expanding transportation sectors from escalating OT threats.