To address the limitation of static vulnerability assessment in industrial environments—its inability to reflect evolving risk dynamics—this paper proposes a time-aware dynamic vulnerability prioritization method. Methodologically, it systematically integrates CVSS temporal metrics into a Bayesian network framework, enabling probabilistic reasoning over exploit availability, fix status, and report credibility to dynamically adjust and update CVSS base scores over time. The key contribution is a self-adaptive, evolution-capable risk assessment model that overcomes the inherent static nature of conventional CVSS scoring. Empirical validation across multiple representative industrial scenarios demonstrates that the method significantly improves both the accuracy and timeliness of vulnerability ranking, thereby supporting real-time, interpretable, and actionable risk decision-making.

Vulnerability assessment is a critical challenge in cybersecurity, particularly in industrial environments. This work presents an innovative approach by incorporating the temporal dimension into vulnerability assessment, an aspect neglected in existing literature. Specifically, this paper focuses on refining vulnerability assessment and prioritization by integrating Common Vulnerability Scoring System (CVSS) Temporal Metrics with Bayesian Networks to account for exploit availability, remediation efforts, and confidence in reported vulnerabilities. Through probabilistic modeling, Bayesian networks enable a structured and adaptive evaluation of vulnerabilities, allowing for more accurate prioritization and decision-making. The proposed approach dynamically computes the Temporal Score and updates the CVSS Base Score by processing data on exploits and fixes from vulnerability databases.