About risks in the Vulnerability category
Vulnerability risks are registered when the application detects vulnerabilities in monitored industrial network devices. A vulnerability is a defect or flaw in device hardware or software that a hacker could exploit to impact the operation of an information system or to gain unauthorized access to information.
The application detects vulnerabilities by analyzing available information about devices. The relevant information utilized to find a known vulnerability of a device is compared to specific fields in the database of known vulnerabilities. The database of known vulnerabilities is built in to the application. This database is created by Kaspersky experts who fill it with information about the latest or most frequently encountered vulnerabilities of devices in industrial networks.
The database of known vulnerabilities contains descriptions of vulnerabilities and descriptions of the devices affected by these vulnerabilities. This database also contains system security recommendations in the form of text or links to publicly available resources. Descriptions and recommendations from various sources are uploaded to the database of known vulnerabilities. These sources may be the manufacturers of devices or software, or various organizations specializing in industrial security. Descriptions and recommendations in the database are provided in English.
After the application is installed, the initial preconfigured database of known vulnerabilities is used. You can keep the database up to date by installing updates.
Kaspersky Industrial CyberSecurity for Networks compares available device information with the specific fields in the database of known vulnerabilities that describe devices affected by vulnerabilities.
Device information used to check for vulnerabilities
If the device information matches the corresponding fields in the database of known vulnerabilities, the application registers a Vulnerability risk and uploads information about the vulnerability to the database of detected risks.
The main parameter used to identify a vulnerability is its identification number in the list of Common Vulnerabilities and Exposures (CVE). This identification number is known as a CVE ID. If a vulnerability has not yet been assigned a CVE ID, it is identified by its identification number obtained from other publicly available resources containing vulnerability descriptions.
Kaspersky Industrial CyberSecurity for Networks version 4.0.1 lets you obtain the identifiers and links to vulnerability descriptions provided by the Russian Federal Service for Technical and Export Control (FSTEC) in the Information Security Threat Database (also known as the BDU). If downloaded vulnerability information contains this type of information from the FSTEC BDU, the application displays this information as its corresponding identifiers in the format BDU:<year>-<number>.
