639 Web browser vulnerabilities and 35 SCADA vulnerabilities found in Symantec Study

The Symantec Internet Security Threat report of 2014 released recently indicates that in 2014 6549 new vulnerabilities were reported as compared to 6787 in 2013.

total_vulnerabilities_norton_study

Out of these,  there were 891  Web Browser vulnerabilities which  are a serious threat to ordinary Netizens.

browser_vulnerabilities_norton_study

As can be observed from the above table, the total number of vulnerabilities in the 5 major browsers declined from around 891 in 2012 to 591 in 2013 and again went up to 639 in 2014. Internet explorer recorded the highest number of vulnerabilities at 282 while Opera appeared to be the most secure browser.

Browser plug ins including Adobe Reader, Flash Player, Apple Quicktime, Microsoft Actve X as well as Firefox extensions and Java constituted additional vulnerabilities.

Inference is that using Opera web browser and avoiding plug ins could reduce the risks of being exploited by these vulnerabilities.

The study has also tried to track what it calls as ICS vulnerabilities. These represent the vulnerabilities with Industrial Control Systems including SCADA (Supervisory control and data acquisition) systems of the type attacked by Stuxnet virus in the past.

ICSs are typically used in industries such as electrical, water, oil, and gas. Based on data received from remote stations, automated or operator-driven supervisory commands can be pushed to remote station control devices.

This is of special interest to non IT manufacturing companies who have a huge stake in terms of exploitation particularly by Cyber terrorists. It is also of relevance to Secure Digital India where stakes are being placed on Smart Cities.

Siemens products continue to find a place in the list of such vulnerabilities along with Advantech WebAccess and Schneider electric products. A total of 35 such vulnerabilities have been disclosed in the report.

Industries using such products should pay special attention to these vulnerabilities and Cyber Insurers and CISOs also need to take special note of such vulnerabilities.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.