Vulnerability assessments are important to thoroughly analyze advisories from vendors as many have incomplete details, incorrect exploitation conditions, or require deeper research. The presentation provides examples of vulnerabilities from GE Grid Solutions, Schneider Electric, Cisco, Rockwell Automation and Bosch where the initial CVSS scores and details were updated after further analysis. It also outlines Kaspersky's vulnerability assessment process of monitoring, research, and analysis to help improve ICS security.
35. 35
~1.5 года от репорта до
выпуска advisory
вендором
8 уязвимостей, 2 RCE
ISaGRAF vulnerabilities
Rockwell Automation
(https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699)
37. 37
Rockwell
Automation
(USA)
Fiord (RU)
Кто и где использует
ISaGRAF
Runtime
Leroy
Automation
(FR)
EKE
(FIN)
Talgo
(Spain)
SNCF
(FR)
London
Underground
Поезд Санкт
– Петербург
- Хельсинки
Румыния Китай
Россия
CAF
(Spain)
Европрибор
Вымпел
Owen
SE
GE
RA