Elon, Please Doge NVD

How LLM agents can dramatically accelerate CVE analysis, reducing the 3+ month waiting period for critical vulnerability information.

By Venkat PothamsettyFebruary 14, 20253 min read
CVENVDVulnerability ManagementLLMAI Agents
Elon, Please Doge NVD Banner Image

A prospect of ours thinks their HMI door panels was compromised, but none of their vulnerability scanners showed any vulnerabilities, so we dug deeper.

Of course we found 2 CVEs on the device

CVE-2024-52051

CVE-2024-49849

Both of them submitted early in Dec 2024, 3 months back.

Well why did they not show up ?

Because they are still in a state we all dread.

The dreaded CVE state

Why does it take 3+ months to analyze the details on a vulnerability and make judgement calls on CPEs, adjust scores and give quality information on products, versions, impact, exploit details, and workarounds? Can we use tech to make humans more efficient for this use case? Absolutely.

Our LLM agents ran through the vendor links attached and filled up all the items and more that NVD would do and its available over the API. Why cannot humans take advantage of the tech and run through the analysis :(. From our API -

Populate the CPE list based on the description of the CVE

Based on the CVE description, here is what our API produced based our our LLM agent collection

name = 'CVE-2024-52051'
url = f"https://vulns.transilienceapi.com/cves/{name}"
headers = { "x-api-key": "efb43e25-86d1-4ebf-b543-xxx"}
response = requests.request("GET", url, headers=headers)

'name': 'CVE-2024-52051',
 'predicted_cpe_roots': ['a:siemens:simatic_s7-plcsim_advanced',
                         'a:siemens:simatic_s7-plcsim',
                         'a:siemens:simatic_s7_plcsim_advanced',
                         'a:siemens:simatic_step_7',
                         'a:siemens:simatic_pcs7',
                         'a:siemens:simatic_step_7_\\(tia_portal\\)',
                         'a:siemens:simatic_pcs_7',
                         'a:siemens:simatic_step_7',
                         'a:siemens:simatic_step_7_micro\\/win_smart',
                         'a:siemens:simatic_step_7_\\(tia_portal\\)',
                         'a:siemens:simatic_pcs_7',
                         'a:siemens:simatic_pcs7',
                         'a:siemens:simatic_wincc_runtime',
                         'a:siemens:simatic_wincc_runtime_comfort',

The vulnerability is on siemens and simatic on WinCC so the confidence levels on the CPE list is high.

What products and versions are vulnerable?

response = requests.request("GET", url, headers=headers)
pd.DataFrame(json.loads(response.text)['vendors_exploits_details'])['vulnerable_product.vendor_product_name']

0        SIMATIC S7-PLCSIM
1    SIMATIC STEP 7 Safety
2    SIMATIC WinCC Unified
Name: vulnerable_product.vendor_product_name, dtype: object

Give me exploit details

'exploit.exploit_detection_commands': ["grep 'unauthorized' /var/log/application.log"],
'exploit.exploit_dependency': 'low',
'exploit.exploit_dependency_details': 'No special dependencies are required for the exploit to work.',
'exploit.exploit_concern_level': 'High',
'exploit.exploit_concern_reasoning': 'The ease of exploitation and potential impact is significant.',
'exploit.exploit_execution_difficulty': 'Medium',
'exploit.exploit_execution_difficulty_reasoning': 'Requires some knowledge of the application and crafting inputs.',
'exposure_metrics.vulnerability_severity': 'High',
'exposure_metrics.vulnerability_severity_reasoning': 'The vulnerability allows for local command execution, which is critical.',
'exposure_metrics.required_privileges': 'Normal Authenticated User',
'exposure_metrics.required_privileges_details': 'An authenticated user can exploit the vulnerability.',
'exposure_metrics.special_configuration_needed': False,
'exposure_metrics.special_configuration_details': '',
'exposure_metrics.code_exploitability_likelihood': 'likely',
'exposure_metrics.code_exploitability_reasons': 'Common coding errors in input handling lead to vulnerabilities.',
'exposure_metrics.exploit_difficulty': 'Skilled hacker',
'exposure_metrics.exploit_difficulty_reasoning': 'Requires knowledge of the application and exploitation techniques.',
'exposure_metrics.asset_criticality': 'High',
'exposure_metrics.asset_criticality_reasoning': 'Critical for safety operations.',
'exposure_metrics.running_as_service': 'yes',
'exposure_metrics.running_as_service_reasoning': 'Typically runs as a service in industrial environments.',
'exposure_metrics.listening_on_port': 'yes',
'exposure_metrics.listening_on_port_reasoning': 'The service is accessible over the network.',

The tech here is not too complicated, calls to LLMs with some cross checking for hallucinations, no rocket science involved, as our API shows, clearly it works.

We can auto populate CPEs, get listing of products, software, high fidelity impact details at least augment current human work so we can do 100x the analysis.

Is there a case to be made for striving for using new tech so that we don't have to wait 3 months before a CVE gets analyzed?

Share this post:

Latest Articles

Why Services Firms can Eat the World with Agentic Software?

Why Services Firms can Eat the World with Agentic Software?

Software has become a commodity. As customers demand decision-making systems, not just decision support, agentic software is positioned to deliver surgical outcomes and take over the emerging services-as-software market.

February 16, 2025 5 min read
How we BootStrapped a Profitable Agentic AI Startup in Security Space in 6 Months

How we BootStrapped a Profitable Agentic AI Startup in Security Space in 6 Months

Transilience AI bootstrapped a profitable security startup in six months by smartly using multi-agent LLMs and a lean AI stack—proving focus beats big budgets.

January 25, 2025 3 min read
How we use AWS Spend Agent to save hours of investigation tasks

How we use AWS Spend Agent to save hours of investigation tasks

Building an AI agent to automatically monitor AWS costs and determine when human intervention is needed.

January 24, 2025 4 min read