Discrepancy between NVD list and available snort rules for Rockwell equipment..

["Steve Matthews \(stmatthe\) via Snort-sigs" <snort-sigs () lists snort org>]

We have a concern from an end customer who uses a lot of Rockwell equipment..

They used this tool:
https://www.snort.org/rule_docs?utf8=%E2%9C%93&search_type=standard&simple_search%5Bsid_or_explanation_or_message_or_cves_cve_key_i_cont%5D=rockwell&submit_rule_search=
And found 34 rules matching Rockwell.

Then, they used this tool:

https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=rockwell&search_type=all&isCpeNameSearch=false&cvss_version=3&cvss_v3_severity=CRITICAL

And found 42 Critical and 71 High vulnerabilities.

They want to know what explains this discrepancy.

Is there an explanation why all 42 critical Rockwell vulns are not included in the existing snort rule sets?

Many thanks and kind regards
Steve


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!