Vulnerabilities Analysis of Software Solutions for Critical Activity Sectors
The number of security incidents is constantly increasing and represents a serious threat to all critical infrastructure sectors. Software systems used in the sectors and subsectors listed in the annex of Directive 1148/2016 (energy, transport, banking, financial market infrastructures, etc.) are the main targets of attacks and of harmful actions deliberately intended to affect their normal functioning. In the last year, there have been numerous cyber-attacks targeting the technologies and solutions of essential service operators. We have grouped these incidents by sector. Security incidents can sometimes be prevented, and ideally measures are taken so that they do not occur. Prevention measures must be based on existing vulnerabilities that have been identified and reported. The Common Vulnerabilities and Exposures (CVE) platform presents the vulnerabilities identified so far for different software solutions. In this paper we analyse recent reported incidents that compromised critical solutions or infrastructures and had a great impact on these sectors. Special attention is given to the energy sector, in order to determine the vulnerabilities of the applications used there. We identified the impact score for each vulnerability found on the CVE platform, thus determining the impact level for all identified vulnerabilities as well as the average impact level for each solution.
vulnerabilities, software, critical sectors, critical infrastructure