About risks in the Vulnerability category
Vulnerability risks are registered when the application detects vulnerabilities in monitored industrial network devices. A vulnerability is a defect or flaw in device hardware or software that a hacker could exploit to impact the operation of an information system or to gain unauthorized access to information.
The application detects vulnerabilities by analyzing available information about devices. The relevant information utilized to find a known vulnerability of a device is compared to specific fields in the database of known vulnerabilities. The database of known vulnerabilities is built in to the application. This database is created by Kaspersky experts who fill it with information about the latest or most frequently encountered vulnerabilities of devices in industrial networks.
The database of known vulnerabilities contains descriptions of vulnerabilities and descriptions of the devices affected by these vulnerabilities. This database also contains system security recommendations in the form of text or links to publicly available resources. Descriptions and recommendations from various sources are uploaded to the database of known vulnerabilities. These sources may be the manufacturers of devices or software, or various organizations specializing in industrial security. Descriptions and recommendations in the database are provided in English.
After the application is installed, the initial preconfigured database of known vulnerabilities is used. You can keep the database up to date by installing updates.
Kaspersky Industrial CyberSecurity for Networks compares available device information with the specific fields in the database of known vulnerabilities that describe devices affected by vulnerabilities. To detect vulnerabilities, the application uses the following information about devices:
- Hardware vendor.
- Hardware model.
- Hardware version.
- Software vendor. If no software vendor data is detected in the device information, Kaspersky Industrial CyberSecurity for Networks uses the value of the Hardware vendor setting.
- Software name. If no software name is detected in the device information, Kaspersky Industrial CyberSecurity for Networks uses the value of the Hardware model setting.
- Software version.
In the database of known vulnerabilities, descriptions of devices are stored in the CPE (Common Platform Enumeration) language format. The application compares the available device information with these descriptions, automatically converting the information into the CPE language format.
For each vulnerability, the matching descriptions are provided in the details area of the risk in the Matched CPE section.
If the device information matches the corresponding fields in the database of known vulnerabilities, the application registers a Vulnerability risk and uploads information about the vulnerability to the database of detected risks.
The main parameter used to identify a vulnerability is its identification number in the list of Common Vulnerabilities and Exposures (CVE). This identification number is known as a CVE ID. If a vulnerability has not yet been assigned a CVE ID, it is identified by its identification number obtained from other publicly available resources containing vulnerability descriptions.
Kaspersky Industrial CyberSecurity for Networks lets you obtain the identifiers and links to vulnerability descriptions provided by the Russian Federal Service for Technical and Export Control (FSTEC) in the Information Security Threat Database (also known as the BDU). If downloaded vulnerability information contains this type of information from the FSTEC BDU, the application displays this information as its corresponding identifiers in the format BDU:<year>-<number>.
