Russian Vulnerability Scanner Database

Navigation

Help & DocumentationPlatform OverviewHow to Use the PlatformVulnerability Scoring SystemsFrequently Asked QuestionsRelease History

Answers to common questions about the Vulnerability Catalog — an educational showcase of the Russian Scanner-VS 7 by JSC “Echelon Technologies”.

About the Platform

What is the Vulnerability Catalog?

The Vulnerability Catalog vulnerabilities.etecs.ru is a free educational platform demonstrating the capabilities of the Russian comprehensive security analysis system Scanner-VS 7. The platform provides the cybersecurity community with access to a normalized vulnerability database for research and educational purposes.

How is it different from other vulnerability catalogs?

Unique Features:

  • Russian Origin — developed by JSC “Echelon Technologies” considering domestic IT infrastructure specifics
  • Normalized Data — aggregation from multiple sources, including FSTEC Russia BDU
  • Professional Analysis — using the same algorithms as the commercial Scanner-VS 7
  • Educational Mission — providing free access to quality data for learning
  • Technology Demonstration — showcase of full-featured system capabilities

Who can use the catalog?

Target Audience:

  • Information Security Specialists — for researching current threats
  • IT Administrators — for planning updates and protective measures
  • Students and Educators — for learning modern threat analysis methodologies
  • Security Researchers — for analyzing attack vectors and trends
  • Organization Representatives — for assessing professional solution needs

Technical Questions

How often is data updated in the catalog?

Update Frequency:

  • EPSS scores — daily, based on current threat intelligence data
  • CVE records — real-time when appearing in sources
  • FSTEC BDU — synchronization with official publications
  • Metadata — regular enrichment with additional information

The same update infrastructure is used in the commercial Scanner-VS 7, ensuring data currency for industrial use.

What data sources are used?

Russian Sources:

  • FSTEC Russia BDU — official Russian vulnerability database
  • Domestic OS vulnerability databases — Astra Linux SE, RED OS, Alt Linux

International Sources:

  • NIST National Vulnerability Database — leading global CVE database
  • FIRST.org EPSS — vulnerability exploitation prediction system
  • Operating Systems — Debian, Red Hat, Ubuntu, Windows, Arch Linux
  • Commercial Products — major software vendor databases

What about RED OS and Astra Linux security bulletins?

RED OS Security Bulletins:

  • In accordance with FSTEC Russia requirements, RED OS ensures continuous vulnerability search, develops security updates and compensatory measures to prevent vulnerability exploitation.
  • Licensees of the certified RED OS edition must apply published updates to ensure security and neutralize vulnerability threats.

Astra Linux Special Edition OS Security Bulletins:

  • Licensees using Astra Linux Special Edition OS, certified according to FSTEC Russia information security requirements (certificate № 2557), must apply the methodologies and software updates published in security bulletins to neutralize vulnerability threats in information systems.

What’s the difference between CVSS and EPSS scores?

CVSS (Common Vulnerability Scoring System):

  • Purpose — measuring potential vulnerability impact
  • Range — from 0.0 to 10.0 (higher means more severe)
  • Nature — static assessment of technical characteristics
  • Focus — maximum possible damage when exploited

EPSS (Exploit Prediction Scoring System):

  • Purpose — predicting exploitation probability in real conditions
  • Range — from 0.0 to 1.0 (0-100% probability)
  • Nature — dynamic assessment based on threat intelligence
  • Focus — real threat in current threat landscape

Comprehensive Approach: For effective prioritization, both metrics are recommended: CVSS shows potential damage, EPSS shows threat realization probability.

How to interpret color coding?

CVSS Severity (impact severity):

  • 🔴 Critical (9.0-10.0) — catastrophic impact, immediate measures
  • 🟠 High (7.0-8.9) — serious impact, priority remediation
  • 🟡 Medium (4.0-6.9) — moderate impact, planned measures
  • 🟢 Low (0.1-3.9) — limited impact, background monitoring
  • None (0.0) — informational messages

EPSS Probability (exploitation probability):

  • 🔴 Critical (0.8-1.0) — 80-100% attack probability in next 30 days
  • 🟠 High (0.6-0.8) — 60-80% exploitation probability
  • 🟡 Medium (0.4-0.6) — 40-60% usage probability
  • 🟢 Low (0.2-0.4) — 20-40% attack probability
  • Minimal (0.0-0.2) — 0-20% exploitation probability

Usage and Limitations

Can the catalog be used for commercial purposes?

Educational Use: The catalog is intended for educational, research, and familiarization purposes. You can freely use the platform for:

  • Learning vulnerability analysis methodologies
  • Researching cybersecurity trends
  • Assessing data quality and analysis approaches
  • Training teams in modern information security practices

Commercial Use: For production use in commercial organizations, Scanner-VS 7 is recommended, which provides:

  • Automated IT infrastructure scanning
  • Technical support SLA
  • Regulatory compliance
  • Professional reporting capabilities

What are the limitations of the educational platform?

Functional Limitations:

  • Data viewing only — no infrastructure scanning capability
  • No personalization — public information without asset linking
  • Limited analytics — basic filters and search
  • No technical support — community and documentation for help

What’s not in the catalog:

  • Automatic vulnerability detection in systems
  • Security configuration analysis
  • Password and account auditing
  • SIEM and other information security system integration
  • Personalized remediation recommendations

How to prioritize vulnerabilities for patching?

Recommended Methodology:

1. Critical Priority (24 hours):

  • CVSS ≥ 9.0 + EPSS ≥ 0.8 + available exploits
  • Publicly accessible systems with critical vulnerabilities
  • Absence of compensating controls

2. High Priority (7 days):

  • CVSS 7.0-8.9 + EPSS ≥ 0.6
  • Widely used technologies
  • Presence of proof-of-concept exploits

3. Medium Priority (30 days):

  • CVSS 4.0-6.9 + EPSS 0.3-0.6
  • Specialized systems
  • Theoretical attack vectors

Environment Context Consideration:

  • Protected asset criticality
  • System network accessibility
  • Existing protective measures
  • Patch implementation complexity

About the Commercial Product

What is Scanner-VS 7?

Scanner-VS 7 is a server-based comprehensive security analysis system developed by JSC “Echelon Technologies” for professional use in organizations.

Key Capabilities:

  • Automated scanning of IT infrastructure for vulnerabilities
  • Security configuration analysis
  • Password dictionary auditing
  • Continuous security monitoring
  • Detailed reporting for various management levels

What are the advantages of the commercial version?

Technical Advantages:

  • Rapid Deployment — 1-minute system installation
  • 💾 Minimal Requirements — 2 GB RAM, 2 CPU cores
  • 🔍 High Accuracy — minimal false positives
  • 📊 Comprehensive Analytics — deep risk analysis

Standards Compliance:

  • 🛡️ FSTEC Russia Certificate №2204 (4UD, TU) for Scanner-VS 6 version, Scanner-VS 7 certificate expected in 2025
  • 🇷🇺 Domestic OS Support — Astra Linux SE, RED OS, Alt Linux
  • 🌐 International Compatibility — Windows, Ubuntu, RedHat, CentOS
  • 📦 Container Execution — Docker, Podman, Kubernetes

Operational Advantages:

  • Vulnerability management process automation
  • Integration with existing information security systems
  • Professional technical support
  • Regular database and functionality updates

Who is Scanner-VS 7 suitable for?

Organization Types:

  • Government Agencies — FSTEC and FSB requirement compliance
  • Commercial Enterprises — business-critical system protection
  • Financial Organizations — industry standards compliance
  • Industrial Enterprises — production system protection
  • Educational Institutions — campus cybersecurity assurance

Necessity Criteria:

  • Critical IT infrastructure presence
  • Regulator compliance requirements
  • Need for information security process automation
  • Professional technical support necessity

Support and Community

Where to get help using the catalog?

Available Resources:

  • Documentation — comprehensive guide to all capabilities
  • Training Materials — practical examples and cases
  • FAQ — answers to common questions

For Advanced Questions:

  • Reference to Scanner-VS 7 documentation
  • Consultations with JSC “Echelon Technologies” technical specialists

Is the platform available in other languages?

Current Support:

  • 🇷🇺 Russian — complete interface and documentation
  • 🇺🇸 English — interface and main documentation

Language Features:

  • Automatic preferred language detection
  • Language switching at any time
  • Language setting preservation between sessions

Is catalog development planned?

Current Development Directions:

  • Vulnerability data source expansion
  • Analytical capability improvements
  • New educational material addition
  • New Scanner-VS 7 capability demonstration

Feedback: We value user feedback for platform improvement and welcome your suggestions through JSC “Echelon Technologies” contacts.

Getting the Commercial Product

How to get Scanner-VS 7?

Commercial Inquiry Contacts:

  • 📧 Email: partners@npo-echelon.ru
  • 📞 Phone: 8 (495) 223-23-92
  • 🏢 Address: 107023, Moscow, Elektrozavodskaya str., 24
  • 🛠️ Tech Support: 8 (800) 100-05-02

Acquisition Process:

  1. Contact via provided contacts
  2. Requirements and tasks consultation
  3. System capability demonstration
  4. Commercial proposal preparation
  5. Pilot implementation and team training

Are demo versions or trial periods available?

Familiarization Opportunities:

  • Vulnerability Catalog — demonstration of data quality and interface
  • Demo Sessions — personal Scanner-VS 7 capability presentations
  • Pilot Projects — testing in customer’s real environment
  • Technical Consultation — specific requirement discussions

Contact our specialists to arrange a system capability demonstration in the context of your tasks.

What technical support is provided?

Scanner-VS 7 Support Levels:

  • Basic Technical Support — included in license cost
  • Extended Support — priority service
  • Premium Support247 support for critical systems

Support Types:

  • System usage consultations
  • Technical problem resolution
  • Security and functionality updates
  • Specialist team training

JSC “Echelon Technologies” — Russian cybersecurity solution developer with over 20 years of experience creating information protection systems for government and commercial organizations.