Guardians of Government: The State of Federal OT Security
Get the Report
Claroty Toggle Search


State of XIoT Security: 2H 2022

Team82’s analysis of vulnerabilities impacting cyber-physical systems across the Extended Internet of Things—2H 2022

View the Report

Team82 presents its sixth biannual State of XIoT Security Report, covering published vulnerabilities affecting cyber-physical systems in the 2H 2022. This report is an analysis of the XIoT vulnerability landscape for security leaders, analysts, and engineers looking to prioritize mitigation and response activities. We hope you find it useful. Download the report, share it with your peers.

Interested in learning about Claroty's Cybersecurity Solutions?

Key Trend

In this edition of the State of XIoT Security Report, 2H 2022, you’ll see evidence that vendors are embracing the need to secure cyber-physical systems, and dedicating time, people, and money to not only patching software and firmware vulnerabilities, but also product security teams overall. 

For the second consecutive report, the number of vulnerabilities affecting the Extended Internet of Things (XIoT) has dropped. After hitting a peak during the second half of 2021, we’re seeing published vulnerabilities dipping while in parallel, the number of disclosures attributed to internal research and product security teams continue to climb.

XIoT Vulnerabilities Breakdown

In the 2H 2022, a record number of 485 published operational technology (OT) vulnerabilities filled our dataset, while the number of published internet of things (IoT) and internet of medical things (IoMT) vulnerabilities dropped from previous reports.


487 published vulnerabilities in the 2H of 2022 were either assessed a critical or high-severity CVSS v3 score.


Exploitable vulnerabilities in our dataset could lead to a number of serious impacts, affecting the availability, reliability, and safety of connected cyber-physical systems. The top three impacts include: unauthorized code execution, denial of service, and bypasses of security mechanisms.

XIoT Components Most Affected by Vulnerabilities

We see a continuing trend of a large majority of those security issues uncovered at Level 3 of the Purdue Model for ICS, the operations management level. At this level of the Purdue reference model we find devices that manage production workflows, including devices such as Historian servers and databases that collect and store process information and relay it to field devices at Levels 2 and 1, as well as the DMZ.

Affected XIoT Components: Software and Firmware

In the 2H of 2022, we’ve reverted back our previous trends to a significant number of software vulnerabilities dominating our dataset. In the past, researchers and vendors have cited challenges in researching and remediating firmware vulnerabilities; software updates are often prioritized over firmware updates given the comparative ease to test and distribute software patches.


The good news is that the number of published OT vulnerabilities with partial or no remediation is dwarfed in the 2H 2022 by the availability of full remediations via software patches or firmware updates.

At a Glance


The number of published XIoT vulnerabilities in 2H 2022


The percentage of published OT vulnerabilities in our dataset


Average number of monthly published vulnerabilities in 2H 2022

View the Report

Please complete the form to view the Report.

LinkedIn Twitter YouTube Facebook