Understanding the CVE Management Window - PAS ICS Integrity - 7.3 - Help - Intergraph

ICS Integrity Help

Language
English
Product
PAS ICS Integrity
Subproduct
ICS
Search by Category
Help
PAS Version
7.3

The CVE Management window lists the identified vulnerability matches for your assets. ICS Integrity uses the inventory item information collected from your assets and compares it with the latest imported vulnerability data. If a Common Vulnerability and Exposure (CVE) is found for an asset, ICS Integrity looks to see if the identified remediation patch is applied. If the patch is applied, ICS Integrity sets the Patch Status to Applied. For more information about using this window, see Performing CVE Management.

user-vm-cve

The columns on the CVE Management window are defined as follows:

CVE ID

Provides the unique identifier from the National Vulnerability Database (NVD) for this known vulnerability, also referred to as a Common Vulnerability and Exposure (CVE). When you click on a value in this column, ICS Integrity displays the NVD information about this known vulnerability, including links to more information.

Vendor Name

Provides the name of the vendor from the NVD for this known vulnerability.

CVSS Base Score

Provides the vulnerability score from the NVD for this known vulnerability. The Common Vulnerability Scoring System is an industry standard used to assess the severity of computer system security vulnerabilities.

Severity

Provides the severity level that the NVD defined for the associated CVSS Base Score. The severity levels include Critical, High, Medium, and Low.

ICS-CERT

Indicates whether this vulnerability information is linked to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). This team works with the intelligence agencies, law enforcement groups, and control system vendors and owners to reduce risks across all critical infrastructure.

Match Confidence

Provides a percentage of how closely the vulnerability information matches the inventory item. A higher value indicates a closer match between the vulnerability information and the inventory item details. You can adjust the Vulnerability Management window to hide matches with a match confidence value lower than the value you specify in the upper left portion of the window. If you change the percentage to display, click Refresh to update the displayed list. You can also adjust your vulnerability matching rules to improve the accuracy of this information for your set of assets.

Match (V:P:V)

Provides three percentages of how closely the vulnerability vendor name, product name, and version number matches the inventory item. These three values are used to calculate the Match Confidence column value. A higher value indicates a closer match between the vulnerability information and the inventory item details. You can adjust your vulnerability matching rules to improve the accuracy of this information for your set of assets. If version information is missing from either the NVD or your inventory, the vendor value is a question mark (?).

CPE (Vendor:Product:Version)

Provides the structured naming scheme value from the NVD for this vulnerability, such as microsoft:internet_information_server:6.0.

Inventory Item (Vendor:Product:Version)

Provides the structured name from the Integrity inventory data for the identified asset. This name is linked to allow you to view details and additional information about the asset.

Location

Provides the path to the asset above the parent system in the asset hierarchy. This path is linked to allow you to view details and additional information about the assets.

Parent System

Provides the name of the computer system that hosts the software that this vulnerability matches.

Microsoft Security Bulletin

Provides the number of the Microsoft security bulletin associated with this vulnerability, if one exists.

Patch Required

Indicates whether the Microsoft patch that remediates this vulnerability, if one exists, has been installed on the computer. This column indicates whether the patch is applied or required.

Age (Weeks)

Indicates the number of weeks this vulnerability has been detected in the environment.

Published Date

Provides the date this Common Vulnerability and Exposure (CVE) was published to the National Vulnerability Database (NVD).

Detected Date

Provides the date this vulnerability match was found by Integrity when comparing the vulnerability information to the Integrity inventory data.

Case ID

Provides the number of the workflow case, if one was created for this vulnerability.

Disposition

Provides the status of this vulnerability, which can be set in several ways. If you suppress the vulnerability, this column is set to Suppressed. If no workflow definitions are set up for vulnerability management, the value of this column is set by the Disposition options button you click for this vulnerability. If a workflow was defined for vulnerability management, this column is set to the state of the workflow case associated with this vulnerability. When the workflow case is closed, the disposition value is set to Closed, workflow-completion-status, such as Closed, Remediated. The workflow definition states and the completion status names are defined by the administrator.