In this class for Module 7, the class learned about the National Vulnerability Database which gives a score called CVSS which stands for Common Vulnerability Scoring System. This system lists the vulnerabilities found in databases in a score that reflects the severity of the vulnerability. In a July 2010 attack, Stuxnet was given a CVSS Version 2.0 rating of 6.9 which is classified as a medium, and a CVSS Version 3.x rating of 7.8 which is high. More of the description can be found in the resource link below.
According to the readings, Stuxnet used several zero-day vulnerabilities to gain access. A zero-day vulnerability is a vulnerability that exists but is unknown. Day zero is the day the vulnerability is found. These scores and vulnerabilities help understand, prevent, and stay vigilant internationally.
References:
Langner, R. (n.d.). Cracking Stuxnet, a 21st-century cyber weapon [Video]. TED Talks. https://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyber_weapon/transcript?language=en
NVD – CVE-2010-2772. (n.d.). https://nvd.nist.gov/vuln/detail/CVE-2010-2772