ICS CVE Research: 2024-2025

EmberOT collaborated with the ICS Advisory Project and Dr. Rishabh “George” Das to provide a joint research report focused on ICS CVEs reported via CISA ICS Advisories and other entities spanning 2024-2025. The report covers:

•  Insights from ICS CVE severity ranking and CVSS criteria
•  Percentage of CVEs that require local/physical access to exploit
•  Increase in CVE reporting from OEMs, security vendors, and academic researchers
•  Percentage of CVEs that currently have no patch or remediation available

EmberOT is excited to partner with the ICS Advisory Project and Dr. Rishabh “George” Das on our recent OT vulnerability intelligence report. We sought to find and evaluate notable trends in CVEs spanning 2024-2025 to help OT and ICS asset owners prioritize and remediate any vulnerabilities that may impact their environment. We hope that industrial security teams can use the analysis in this joint research report to better understand and remediate future vulnerabilities.


🔽 Vulnerability Volumes
More ≠ More

In 2025, CISA published 508 ICS advisories, up from 423 in 2024 and 380 in 2023. Unique advisories tracked across all sources, including vendor PSIRTs and international CERTs, rose 20.6% year over year from 1,830 to 2,207. At first glance, those numbers sound like a worsening crisis. They are more accurately a sign that the disclosure ecosystem is maturing.

Here’s a sneak peek of some stats you’ll find in the OT Vulnerability Intelligence report:

► Of 2,203 High/Critical CVEs tracked, only 29 (1.32%) appear in CISA’s Known Exploited Vulnerabilities catalog.

► The proportion of vulnerabilities tracked by official CISA ICS Advisories fell from 28.3% in 2024 to 17.5% in 2025.

► Medium-severity CVEs nearly doubled year over year (558 to 1,044+).

► 45% of advisories recommended hardware upgrades as the remediation path.