Developers: Kaspersky
Date of the premiere of the system: 2022/10/25
Main article: Vulnerabilities in software and hardware
2022: Presentation of Kaspersky Industrial OVAL Data Feed for Windows
On October 25, 2022, Kaspersky Lab presented the Kaspersky Industrial OVAL Data Feed for Windows tool. This machine-readable data feed will allow industrial organizations to improve the quality of detection and assessment of vulnerabilities in SCADA systems and other industrial software.
Kaspersky Industrial OVAL Data Feed for Windows provides comprehensive information about vulnerabilities in popular SCADA systems and distributed control systems (DCS): a description, the name and vulnerable versions of the software, and the criticality and CVSS metrics assessment. The information is based on data about known vulnerabilities, which Kaspersky Lab experts regularly analyze and update, and on instructions for mitigating previously discovered flaws, so the tool also gives specialists appropriate recommendations. The feed covers products from global vendors: Siemens, Schneider Electric, Yokogawa, Emerson and others.
The tool complies with the specification of the OVAL (Open Vulnerability and Assessment Language) standard, which describes how vulnerability data is transferred to the various products and services that secure organizations. Kaspersky Industrial OVAL Data Feed is provided in XML format and integrates with vulnerability management solutions for industrial systems that support the standard. The tool can also work in conjunction with open source OVAL interpreters.
Kaspersky ICS CERT experts collect and analyze vulnerability information by constantly monitoring many data sources, including MITRE, the National Vulnerability Database (NVD), US-CERT, and information from vendors and user communities, as well as through their own research. The team carefully checks the data for errors that could affect the correctness of vulnerability detection and assessment. Mitigation measures are based on extensive experience in protecting industry from threats and on recommendations from SCADA system manufacturers.
"The OVAL standard is actively used to describe vulnerabilities and correctly configure known software products. However, the market lacked a comprehensive OVAL source of quality data for industrial automation systems software. Our data flow fills this gap by providing sufficient software coverage for automated management systems. It will allow industrial organizations to improve the process of automated vulnerability assessment and improve its effectiveness. We will be happy to demonstrate this during projects with our clients," said Mikhail Berezin, Head of Product Development at Kaspersky ICS CERT.