Skip to content

Reading a CVE Detail Page

The CVE detail page is the most information-dense view in BreachSpider. It combines scoring data, exploitation signals, affected system information, SAGE AI analysis, patch status, and references into a single page. This guide walks through every section.

The header bar at the top of the page shows:

  • CVE ID: The standard NVD identifier (e.g., CVE-2025-32433).
  • BSID: The BreachSpider internal identifier (e.g., BS-2025-254014-C). The suffix letter indicates severity tier: C=Critical, H=High, M=Medium, L=Low.
  • Severity badge: Color-coded chip showing CRITICAL, HIGH, MEDIUM, or LOW.
  • KEV badge: A red KEV chip appears if this CVE is in the Known Exploited Vulnerabilities catalog.
  • Published date: When this CVE was first published in the NVD.

Scoring Block

The scoring section presents three complementary scoring systems:

CVSS Score: The base severity score (0.0-10.0) with a color bar. Below the score, the full CVSS vector is broken out into its eight components with plain-English descriptions:

  • Attack Vector: Network / Adjacent / Local / Physical
  • Attack Complexity: Low / High
  • Privileges Required: None / Low / High
  • User Interaction: None / Required
  • Scope: Changed / Unchanged
  • Confidentiality Impact: None / Low / High
  • Integrity Impact: None / Low / High
  • Availability Impact: None / Low / High

Each component includes a brief explanation of what it means for this specific CVE. For ICS operators, the Availability Impact is often the most critical factor.

EPSS Score: The FIRST.org Exploit Prediction Scoring System score (0.0-1.0) and percentile ranking. The percentile tells you where this CVE ranks compared to all CVEs in the corpus. A 95th percentile EPSS means this CVE is in the top 5% of exploitation probability.

BCS Score: The BreachSpider Confidence Score (0.0-10.0) with a factor breakdown showing how each input (CVSS, EPSS, KEV, exploit availability, ICS relevance) contributed to the final score. This is the primary triage metric.

Exploitation Signals

This section consolidates all known exploitation intelligence:

  • KEV Flagged: Yes or No. If yes, the date this CVE was added to the KEV catalog.
  • PoC Available: Yes or No. Whether proof-of-concept code has been published.
  • Public Exploit Available: Yes or No. Whether a working exploit is publicly accessible.
  • Exploit Maturity: NONE, POC, FUNCTIONAL, or WEAPONIZED. The highest confirmed maturity level.

These signals are the primary drivers of BCS score elevation. A CVE with a FUNCTIONAL exploit and KEV flag will have a significantly higher BCS than one with only a high CVSS.

Affected Systems

Lists all vendors and products affected by this CVE:

  • Vendor and product list: Every vendor/product combination affected, with version ranges where available.
  • Primary vendor/product: The most commonly referenced affected system.
  • ICS relevance score: A 0.0-1.0 score indicating how relevant this CVE is to ICS/OT environments. Scores above 0.5 indicate direct ICS relevance.
  • Affected protocols: If the CVE affects an industrial protocol (Modbus, DNP3, OPC-UA, EtherNet/IP, PROFINET), it is listed here.

SAGE Analysis

Available on Standard tier and above (blurred preview on Free). SAGE provides four analysis sections:

  • Executive Summary: A plain-English description of what this vulnerability does and why it matters. Written for both OT engineers and plant managers.
  • ICS Context: What this CVE means specifically for ICS/OT environments. How it could be exploited in a control system context, what assets are at risk, and what the operational impact could be.
  • Remediation Guidance: Step-by-step actions to take, ordered by priority. Includes both patching instructions and compensating controls for environments where patching is not immediately feasible.
  • Confidence Score: A SAGE confidence tier (SOVEREIGN_AUDIT_PASS, HIGH, MEDIUM, LOW) indicating how certain the analysis is, backed by mathematical tracing to source data.

Patch Block

  • Patch Status: Patched, Unpatched, or Partial.
  • Patch Version: The specific version that resolves the vulnerability.
  • Patch URL: A direct link to the vendor's patch download or advisory.
  • Workaround: If a workaround exists (before or instead of patching), it is described here.

Classification

  • CWE IDs: The Common Weakness Enumeration identifiers with links to the CWE database. Examples: CWE-787 (Out-of-bounds Write), CWE-306 (Missing Authentication).
  • Attack Vector (plain English): A one-sentence description of how an attacker would exploit this vulnerability.
  • Layer Classification: Which BreachSpider layer (OT, OS, NETWORK) this CVE most commonly affects.

Timeline

A chronological view of key dates:

  • Published: When the CVE was first published in the NVD.
  • Modified: When the NVD record was last updated.
  • Enriched: When BreachSpider last enriched the CVE with EPSS, BCS, and exploit data.
  • KEV Added: When this CVE was added to the KEV catalog (if applicable).

References

External links for further research:

  • NVD link: Direct link to the NVD page for this CVE.
  • KEV link: Direct link to the KEV entry (if KEV flagged).
  • Vendor advisory links: Links to the vendor's security advisory.
  • BreachSpider public page: The public-facing CVE page on breachspider.com.

Download PDF

Click the PDF button in the header to download a formatted single-CVE intelligence brief. The PDF includes all sections above in a printable format with the CITED Relevance LLC letterhead.

Use this PDF to:

  • Share a CVE briefing with your automation vendor for remediation guidance.
  • Present a critical vulnerability to plant management for escalation approval.
  • Include as evidence in a compliance submission.
  • Send to an MSSP for third-party assessment.