Vulnerabilities

OT Security identifies various types of threats that affect the assets in your network. As information about new vulnerabilities is discovered and released into the general public domain, Tenable research staff designs programs to enable Tenable Nessus to detect them.

These programs are named Plugins, and are written in the Tenable Nessus proprietary scripting language, called Tenable Nessus Attack Scripting Language (NASL). Plugins detect CVEs as well as other threats that can affect assets in your network (for example, obsolete operating systems, usage of vulnerable protocols, vulnerable open ports, and so on.)

Plugins contain vulnerability information, a generic set of remediation actions, and the algorithm to test for the presence of the security issue.

For information about updating your Plugin set, see Environment Configuration.

Vulnerabilities

The Vulnerabilities page shows a list of all vulnerabilities detected by the Tenable Plugins that affect your network and assets.

You can customize the display settings by adjusting which columns are displayed and where each column is positioned. For an explanation of the customization features, see Management Console User Interface Elements.

(For version 3.19 only) The Active Vulnerabilities and Fixed Vulnerabilities options available on the left navigation bar allows you to view open and fixed vulnerabilities respectively.

Note: OT Security retains fixed vulnerabilities for a year before they age out.

The Vulnerabilities page shows the following details:

ParameterDescription
NameThe name of the vulnerability. The name is a link to show the full vulnerability listing.
SeverityThis score indicates the severity of the threat detected by this Plugin. Possible values: Info, Low, Medium, High, or Critical.
VPRVulnerability Priority Rating (VPR) is a dynamic indicator of the severity level, which is constantly updated based on the current exploitability of the vulnerability. Tenable generates this value as the output of Tenable Predictive Prioritization, which assesses the technical impact and threat posed by the vulnerability. VPR values range from 0.1-10.0, with a higher value representing a higher likelihood of exploitation.
Plugin IDThe unique identifier of the Plugin.
Active Assets The number of assets in your network that are currently affected by this vulnerability.
Fixed AssetsThe number of assets in your network affected by this vulnerability and remediated recently, over a defined period of time (by default, one year). Contact Tenable Support to customize this period.
Plugin familyThe family (group) with which this Plugin is associated.
CommentYou can add free text comments about this Plugin.

Plugin Details

To view the plugin details:

  1. In the row of the vulnerability for which you want to view the details, click the vulnerability name.

    The Vulnerability details window appears.

The Vulnerability details window shows the following details:

  • Header bar — Shows basic information about the specified vulnerability. From the Actions menu, select Edit Details to edit vulnerability details. See Edit Vulnerability Details.

  • Details tab — Shows the full description of the vulnerability and gives links to relevant resources.

  • Affected Assets tab — Shows a listing of all assets affected by the specified vulnerability. Each listing includes detailed information about the asset, as well as a link to view the Asset Details window for that asset.

Edit Vulnerability Details

To edit vulnerability details:

  1. In the relevant Vulnerability Details page, in the upper-right corner, click the Actions menu.

    The Actions menu appears.

  2. Click Edit Details.

    The Edit Vulnerability Details panel appears.

  3. In the Comments box, type comments about the vulnerability.

  4. In the Owner box, type the name of the person assigned to address the vulnerability.

  5. Click Save.