Common Vulnerability Scoring System - Version 2023 - Security - Hexagon

Hexagon's Asset Lifecycle Intelligence Division Security Approach

Common Vulnerabilities and Exposures (CVE) is widely used as a source of known vulnerabilities. Hexagon uses the Common Vulnerability Scoring System (CVSS), a free and open industry standard for assessing the severity of computer system security vulnerabilities, to analyze and score the severity of detected vulnerabilities. For documentation specific to CVE and CVSS, see Common Vulnerabilities and Exposures and Common Vulnerability Scoring System.

Hexagon uses the CVSS standard to determine the severity of computer security vulnerabilities. The standard consists of three metric groups:

  1. Base Metric Group

  2. Temporal Metric Group

  3. Environmental Metric Group

The CVSS ranks the severity of security vulnerabilities on a scale of 0.0 - 10.0. Each score range is classified using a severity rating of either None, Low, Medium, High, or Critical, as shown in the following table:

| Severity Rating | CVSS Score |
|-----------------|------------|
| None            | 0.0        |
| Low             | 0.1 - 3.9  |
| Medium          | 4.0 - 6.9  |
| High            | 7.0 - 8.9  |
| Critical        | 9.0 - 10.0 |

Where no public CVE record is listed for a security issue, Hexagon uses a CVSS calculator to manually review and score it. Hexagon ALI classifies a security vulnerability as Critical when its CVSS score is 9.0 or higher.