Claroty, a leading company in the protection of cyber-physical systems (CPS), has released a new report revealing the vulnerabilities in operational technology (OT) devices that adversaries most seek to exploit. Based on the analysis of nearly one million OT devices, the report "State of CPS Security 2025: OT Exposures" found more than 111,000 Known Exploited Vulnerabilities (KEVs) in OT devices in manufacturing, logistics and transportation, and natural resources organizations, with more than two-thirds (68%) of the KEVs linked to ransomware groups. The report reveals the riskiest exposures for companies amid growing threats to critical sectors.
In the report, Claroty's recognized research group, Team82, examines the challenges that industrial organizations face when identifying which Known Exploited Vulnerabilities (KEVs) in OT devices to prioritize for remediation. The research highlights how understanding the intersection of these vulnerabilities with popular threat vectors, such as ransomware and insecure connectivity, can help security teams minimize risk at scale, proactively and efficiently. With offensive activity by threat actors increasing, the report details the risk that critical sectors face from OT assets communicating with malicious domains, including those from China, Russia and Iran.
"The inherent nature of operational technology creates obstacles to protect these mission-critical technologies", says Grant Geyer, Director of Strategies at Claroty. "From the incorporation of offensive capabilities in networks to the targeting of vulnerabilities in outdated systems", threat agents can take advantage of these exposures to create risks to availability and security in the real world. As digital transformation continues to drive connectivity to OT assets, these challenges will only proliferate. There is a clear imperative, for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy, with the aim of ensuring that they can make the most impactful and feasible remediation efforts
Main findings:
- Of almost a million OT devices analyzed, Claroty's Team82 discovered that 12% contain Known Exploited Vulnerabilities (KEVs), and 40% of the organizations analyzed have a subset of these assets insecurely connected to the Internet
- 7% of devices are exposed with KEVs that have been linked to known ransomware samples and actors, and 31% of the organizations analyzed have these assets insecurely connected to the Internet
- In the research, 12% of organizations had OT assets communicating with malicious domains, demonstrating that the risk of threat to these assets is not theoretical
- The manufacturing industry had the highest number of devices with confirmed Known Exploited Vulnerabilities (over 96,000), with more than two-thirds (68%) of them linked to ransomware groups
To access all the findings, in-depth analyses and security measures recommended by Claroty's Team82 in response to vulnerability trends, download the report "State of CPS Security 2025: OT Exposures".
Methodology
The report "State of CPS Security 2025: OT Exposures" gives an overview of the vulnerability and exposure trends of OT devices in the manufacturing, logistics and transportation, and natural resources sectors, as observed and analyzed by Team82, Claroty's threat research team, and our data scientists.