Task $2$ CPS Vulnerability Instances

Cyber$-$physical systems link sensing devices attached to a physical process with control elements that transfer data and commands to and from computational devices. RTU, PLC and MTU combine sensing and control operations in a closed$-$loop cycle, whereas HMI provides the computational interface to moni$-$ toring personnel. Your task is to retrieve the vulnerability instances to cyber$-$ attacks for one of the above cyber$-$physical system assets.

You will shift your vulnerability analysis focus on reported instances relevant to one of the above cyber$-$physical system assets. Besides CVE$5$ and supporting CVE$-$Search$6$ you used earlier, you may also use NVD$7($referring to National Vulnerability Database$).$ NVD is a vulnerability database that is built upon and fully synchronized with CVE so that any updates to CVE appear immediately in NVD$.$ Thus, CVE feeds NVD$,$ which then builds upon the information included in CVE entries to provide enhanced information for each entry such as severity scores $($calculated based on CVSS$8$ standard$),$ and impact ratings. As part of its enhanced information, NVD also provides advanced searching features such as by OS; by vendor name, product name, and$/$or version number; and by vulnerability type and severity.

Task $2\mathrm{.}1$ In your CPS vulnerability report, you must provide a brief summary of retrieved vulnerabilities for one of the above CPS assets. This summary is expected to include the number of vulnerability instances in CVE and in NVD for your chosen CPS asset or product. Are the numbers consistent? If not, attempt an explanation.

Task $2\mathrm{.}2$ Choose three different but CPS$-$related vulnerability reports in CVE, and try to find relevant descriptive sections, followed by a short summary of the report.

You should thus report on the following descriptors, along with a short summary:

$1.$ ID

$2.$ Component and version $($if any$))$

$3.$ Asset $($or product$)$ and version $($if any$))$

$4.$ Vendor