-
公开(公告)号:US20200272743A1
公开(公告)日:2020-08-27
申请号:US16646190
申请日:2018-08-31
申请人: Siemens Corporation
发明人: Zhen Song , Rizwan Majeed , Arquimedes Martinez Canedo , Guannan Ren , Gustavo Arturo Quiros Araya
摘要: A system for checking security vulnerabilities for automation system design includes a security database, an Internet crawler application, and security service application. The security database stores descriptions of known software vulnerabilities related to an automation system. The Internet crawler application is configured to systematically browse the Internet to find new software vulnerabilities related to the automation system and index the new software vulnerability into the security database. The security service application retrieves, from the security database, potential software vulnerabilities related to a hardware/software configuration of the automation system. The security service application also identifies policies related to the potential vulnerabilities. Each policy describes a potential vulnerability and action to be performed in response to detection of the potential vulnerabilities. The security service applies the policies to the hardware/software configuration and software code corresponding to an automation application to identify actual vulnerabilities that can be displayed to a user.
-
公开(公告)号:US11481500B2
公开(公告)日:2022-10-25
申请号:US16646190
申请日:2018-08-31
申请人: Siemens Corporation
发明人: Zhen Song , Rizwan Majeed , Arquimedes Martinez Canedo , Guannan Ren , Gustavo Arturo Quiros Araya
摘要: A system for checking security vulnerabilities for automation system design includes a security database, an Internet crawler application, and security service application. The security database stores descriptions of known software vulnerabilities related to an automation system. The Internet crawler application is configured to systematically browse the Internet to find new software vulnerabilities related to the automation system and index the new software vulnerability into the security database. The security service application retrieves, from the security database, potential software vulnerabilities related to a hardware/software configuration of the automation system. The security service application also identifies policies related to the potential vulnerabilities. Each policy describes a potential vulnerability and action to be performed in response to detection of the potential vulnerabilities. The security service applies the policies to the hardware/software configuration and software code corresponding to an automation application to identify actual vulnerabilities that can be displayed to a user.
-