FAQ

Vendors and Products

CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.

FAQ : #IoT

Do CVEs only concern software?

No, CVEs do not only concern software. They can also cover vulnerabilities in hardware, firmware, IoT components, operating systems, and even certain dangerous default configurations. For example, flaws in routers, processors, or industrial equipment can also receive CVE identifiers.

This broad coverage allows for the consideration of different attack vectors in a modern information system. The key is that the vulnerability is documented, confirmed, and publicly reported to be included in the CVE program. This way, security teams can assess risks across the entire infrastructure.

#CVE #IoT

Search in FAQ

Tags

#CAPEC #CISA #CISO #CNA #CVE #CVSS #CWE #EPSS #FIRST #IoT #KEV #MITRE #NVD #SOC #Zero-day

The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.

FAQ : #IoT

Do CVEs only concern software?

Search in FAQ

Categories

Tags