Record High in Industrial Control System Vulnerabilities Reported in 2025

First reported

19.02.2026 15:00

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

In 2025, the number of industrial control system (ICS) security advisories exceeded 500 for the first time, with a significant increase in the severity of vulnerabilities. The total number of CVEs published reached 2155 across 508 advisories, up from 103 CVEs in 67 advisories in 2011. The average CVSS score of advisories also climbed to above 8.0 in 2024 and 2025, indicating more severe vulnerabilities. The most affected asset types included Purdue Level 1 devices, Level 3 operation systems, Level 2 control systems, and industrial network infrastructure. Critical manufacturing and energy sectors were the most impacted, with transportation and healthcare also experiencing notable increases in vulnerabilities.

Timeline

19.02.2026 15:00 1 articles · 9h ago

Record High in ICS Vulnerabilities in 2025
In 2025, the number of ICS security advisories exceeded 500 for the first time, with a significant increase in the severity of vulnerabilities. The total number of CVEs published reached 2155 across 508 advisories, up from 103 CVEs in 67 advisories in 2011. The average CVSS score of advisories also climbed to above 8.0 in 2024 and 2025, indicating more severe vulnerabilities.
Show sources

Industrial Control System Vulnerabilities Hit Record Highs — www.infosecurity-magazine.com — 19.02.2026 15:00
Open in new tab

Information Snippets

The number of ICS security advisories in 2025 topped 500 for the first time, with 2155 CVEs published across 508 advisories.
First reported: 19.02.2026 15:00

1 source, 1 article
Show sources
- Industrial Control System Vulnerabilities Hit Record Highs — www.infosecurity-magazine.com — 19.02.2026 15:00
The average CVSS score of advisories climbed from 6.44 in 2010 to above 8.0 in 2024 and 2025.
First reported: 19.02.2026 15:00

1 source, 1 article
Show sources
- Industrial Control System Vulnerabilities Hit Record Highs — www.infosecurity-magazine.com — 19.02.2026 15:00
The most affected asset types in 2025 were Purdue Level 1 devices, Level 3 operation systems, Level 2 control systems, and industrial network infrastructure.
First reported: 19.02.2026 15:00

1 source, 1 article
Show sources
- Industrial Control System Vulnerabilities Hit Record Highs — www.infosecurity-magazine.com — 19.02.2026 15:00
Critical manufacturing and energy sectors were the most impacted, with transportation and healthcare also experiencing significant increases in vulnerabilities.
First reported: 19.02.2026 15:00

1 source, 1 article
Show sources
- Industrial Control System Vulnerabilities Hit Record Highs — www.infosecurity-magazine.com — 19.02.2026 15:00
Only 22% of vulnerabilities in 2025 had an associated ICSA published by CISA, down from 58% in 2024 and 40% in 2023.
First reported: 19.02.2026 15:00

1 source, 1 article
Show sources
- Industrial Control System Vulnerabilities Hit Record Highs — www.infosecurity-magazine.com — 19.02.2026 15:00
61% of vulnerabilities in 2025 without an ICSA had a high or critical severity.
First reported: 19.02.2026 15:00

1 source, 1 article
Show sources
- Industrial Control System Vulnerabilities Hit Record Highs — www.infosecurity-magazine.com — 19.02.2026 15:00

Summary

Timeline

Record High in ICS Vulnerabilities in 2025

Information Snippets