What are vulnerabilities?

Vulnerabilities are weaknesses detected on devices that can be exploited by a potential attacker to perform malevolent actions on the network.

Vulnerabilities are detected in Cisco Cyber Vision thanks to rules stored in the Knowledge DB. These rules are sourced from several CERTs (Computer Emergency Response Team), manufacturers and partner manufacturers (Schneider, Siemens...). Technically, vulnerabilities are generated from the correlation of the Knowledge DB rules and normalized device and component properties. A vulnerability is detected when a device or a component matches a Knowledge DB rule.

Important

It is important to update the Knowledge DB in Cisco Cyber Vision as soon as possible after notification of a new version to be protected against vulnerabilities. To do so, refer to the corresponding documentation.

What are vulnerabilities used for?

Example of a Siemens component's vulnerability visible on its technical sheet under the Security tab:

Information displayed about vulnerabilities (1) includes the vulnerability type and reference, possible consequences and solutions or actions to take on the network. Most of the time though, it is enough to upgrade the device firmware. Some links to the manufacturer website are also available for more details on the vulnerability.

A score reports the severity of the vulnerability (2). This score is calculated upon criteria from the Common Vulnerability Scoring System or CVSS. Criteria are for example the ease of attack, its impacts, the importance of the component on the network, and whether actions can be taken remotely or not. The score can go from 0 to 10, with 10 being the most critical score.

You also have the option to acknowledge a vulnerability (3) if you don't want to be notified anymore about it. This is used for example when a PLC is detected as vulnerable but a firewall or a security module is placed ahead. The vulnerability is therefore mitigated. An acknowledgment can be canceled at any time. Vulnerabilities acknowledgment/cancelation is accessible to the Admin, Product and Operator users only.

Where to find vulnerabilities?

Vulnerabilities are accessible through the Vulnerability dashboard of a preset.

Also, you can see vulnerabilities through the Device list. Sort the vulnerability column to bring vulnerable components up:

Moreover, vulnerabilities are pointed out in the map by a device or a component with a red counter badge (4). If you click it, its side panel opens on the right with the number of vulnerabilities evidenced in red (5).

Clicking the vulnerabilities displayed in red (5) (in the figure above) opens the device or component's technical sheet with further details about all its vulnerabilities:

However, you'll be notified each time a device or component is detected as vulnerable by an event. One event is generated per vulnerable component. An event is also generated each time a vulnerability is acknowledged or not vulnerable anymore.