Vulnerabilities Page

The Vulnerabilities page in the IoT Security portal displays detected vulnerabilities.
The Vulnerabilities page (Risks > Vulnerabilities) provides an overview of the vulnerabilities and vulnerable devices that IoT Security detected and presents the following information:
  • The total number of confirmed and potential vulnerabilities organized by severity level
  • A bar chart that shows the distribution of vulnerabilities by device profile
  • A table listing vulnerabilities, each of which links to a page with further details
When you hover your cursor over one of the bars in the Vulnerability Distribution bar chart, a panel pops up displaying the number of vulnerabilities and vulnerable devices in that profile.
You can search for a text string in any of the columns, download the list of vulnerabilities, create a filter to show only the vulnerabilities you want to see, and control which columns you want to show and hide.
Although the Severity column in the table shows only icons, you can still search by the severity level words Critical, High, Medium, and Low.
You can also set the number of rows you want to see on each page (from 5 to 200) and navigate among multiple pages.
| CVSS Score Range | Severity Level |
|------------------|----------------|
| 9.0 – 10.0       | Critical       |
| 7.0 – 8.9        | High           |
| 4.0 – 6.9        | Medium         |
| < 4.0            | Low            |
While a severity level in the IoT Security system reflects a CVSS score, there isn’t always a direct correlation between the two. For example, a hard-coded password in a device might have a CVSS score of 10.0, but an IoT Security severity level of High rather than Critical. This can happen when there isn’t proof that the device can be accessed from the Internet or by an unauthorized user. While NIST assigns a CVSS score to a vulnerability generically, IoT Security assigns a “risk severity” level to vulnerabilities based on the specifics of each case.
For example, although the first vulnerability has a CVSS score of 9.8, its risk severity is High instead of Critical. IoT Security bases the severity level not only on the CVSS score but on other determining risk factors as well.
Vulnerabilities table columns
  • Severity
    – The severity level of a vulnerability: critical, high, medium, or low.
  • CVSS
    – The CVSS (Common Vulnerability Scoring System) score of a vulnerability.
  • Vulnerability
    – The name or CVE (Common Vulnerabilities and Exposures) number of a vulnerability. This links to the Vulnerability Details page.
  • Confirmed
    – Indicates if a vulnerability is confirmed to apply to one or more devices. An empty field indicates that it is a potential vulnerability.
  • Source
    – (Not shown by default) The source that identified the device vulnerability: IoT Security or Firewall.
  • Confirmed Instances
    – The number of devices to which a vulnerability is confirmed to be applicable. This number links to the Vulnerability Details page.
  • Potential Instances
    – The number of devices to which a vulnerability might be applicable but has not been confirmed. This number also links to the Vulnerability Details page.
  • Vulnerable Profiles
    – The number of device profiles to which a confirmed or potential vulnerability applies.
When you hover your cursor over an entry in the Vulnerability column, a panel pops up showing its description and impact.
Clicking View more opens the Vulnerability Details page. Clicking the name of a vulnerability entry also opens the Vulnerability Details page.
