Security researchers have uncovered dozens of vulnerabilities that have shown to be "high targets for bad actors".Forescout has issued its OT:ICEFALL report, which has disclosed 56 vulnerabilities affecting devices from 10 OT (operational technology) vendors.These include Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa.The vulnerabilities in OT:ICEFALL are divided into four main categories; insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.The report states that more than a third of the vulnerabilities (38 per cent) allow for compromise of credentials, with firmware manipulation coming in second (21 per cent) and remote code execution coming third (14 per cent). Forescout also revealed that a total of 74 per cent of the product families affected by OT:ICEFALL have some form of security certification and said most issues found should be discovered "relatively quickly during in-depth vulnerability discovery". "The rapid expansion of the threat landscape is well documented at this stage. By connecting OT to IoT and IT devices, vulnerabilities that once were seen as insignificant due to their lack of connectivity are now high targets for bad actors," said Daniel dos Santos, head of security research at Forescout Vedere Labs. "Ten years on from BASECAMP and now ICEFALL, we have a very long way to go to reach the summit of these OT design practices. These types of vulnerabilities, and the proven desire for attackers to exploit them, demonstrate the need for robust, OT-aware network monitoring and deep-packet-inspection (DPI) capabilities."Although the impact of each vulnerability is highly dependent on the functionality each device offers, they fall under the following categories; remote code execution, denial of service, file/firmware/configuration manipulation, compromise of credentials and authentication bypass.The report said: "With OT:ICEFALL, we wanted to disclose and provide a quantitative overview of OT insecure-by-design vulnerabilities rather than rely on the periodic bursts of CVEs for a single product or a small set of public, real-world incidents that are often brushed off as a particular vendor or asset owner being at fault. These issues range from persistent insecure-by-design practices in security-certified products to subpar attempts to move away from them."The goal is to illustrate how the opaque and proprietary nature of these systems, the suboptimal vulnerability management surrounding them and the often-false sense of security offered by certifications significantly complicate OT risk management efforts."