Definition of Vulnerabilities

Vulnerabilities are weaknesses detected on devices that can be exploited by a potential attacker to perform malevolent actions on the network.

Cisco Cyber Vision detects Vulnerabilities in the rules stored in the Knowledge database. These rules are sourced from several CERTs (Computer Emergency Response Team), manufacturers and partner manufacturers (Schneider, Siemens, etc.). Vulnerabilities are generated from the correlation of the Knowledge database rules and normalized device and component properties. A vulnerability is detected when a device or a component matches a Knowledge database rule.

Important

Always update the Knowledge database in Cisco Cyber Vision as soon as possible after notification of a new version. This protects your network against vulnerabilities. Refer to the corresponding documentation.

Vulnerability Use

Below is an example of a Siemens component's vulnerability. See the technical sheet, Security tab.

1. Information displayed about vulnerabilities includes the following: vulnerability type and reference, possible consequences, and solutions or actions to take on the network. Often, upgrading the device firmware alleviates a vulnerability. Links to the manufacturer website are also available.

2. A score reports the severity of the vulnerability. The score is calculated upon criteria from the Common Vulnerability Scoring System (CVSS). Criteria examples are: the ease of attack, its impacts, the importance of the component on the network, and whether actions can be taken remotely or not. Scores range from 0 to 10, with 10 being the most critical score.

3. Acknowledge a vulnerability if you don't want to be notified about it anymore. For example: a PLC is detected as vulnerable but a firewall or a security module is placed ahead. The vulnerability is mitigated. Cancel an Acknowledgment at any time. Only the Admin, Product, and Operator users can access Vulnerabilities Acknowledgment/Cancelation.

Vulnerability Location

Access Vulnerabilities in any of the following ways: click Explore > All Data > Vulnerabilities, use Vulnerability dashboard of a preset, or through the Device list. Use the Sort arrows to view the vulnerability column.

Find vulnerabilities on the map by a device or a component with a red counter badge. Click the badge (4) and the side panel opens with the number of vulnerabilities shown in red.

Click the Vulnerabilities in red (5) and the device or component's technical sheet opens.

Events

An event occurs if a device or component gets detected as vulnerable. You receive a notification. One event is generated per vulnerable component. An event is also generated each time a vulnerability is acknowledged or not vulnerable anymore.