Forum Discussion
New OT Vulnerability and Device Coverage – September 2024 We’
New OT Vulnerability and Device Coverage – September 2024
We’ve expanded our vulnerability and device coverage for Tenable OT Security to help you strengthen your OT/IoT security posture. Recent updates include 82 new plugins — 15 of which have a critical CVSSv3 rating, including a critical vulnerability in Dahua Security (CVE-2024-39950), along with other vulnerabilities affecting Siemens, Hikivision, Danfoss, Welotec, Rockwell Automation, Emerson, Yokogawa, and more.
Additionally, we've added new device coverage for key OT/IoT assets, including Mettler Toledo Weighing Terminals, Panasonic (i-PRO) Cameras, Hikivision Cameras, and others.
New Vulnerability Coverage
82 new plugins recently published, 15 with a critical CVSSv3 severity rating:
- Dahua Security (CVE-2024-39950) - Critical
- Dahua Security Cameras Buffer Copy Without Checking Input Size (CVE-2019-9677) - Critical
- Hikivision Multiple Products Command Injection (CVE-2021-36260) - Critical
- Hikivision IP Cameras Buffer Overflow (CVE-2018-6414) - Critical
- Danfoss AK-SM800A Improper Input Validation (CVE-2023-25915) - Critical
- Welotec Industrial Routers Improper Access Control (CVE-2023-1083)
- Siemens SCALANCE M-800, RUGGEDCOM RM1224 Exposure of Data Element to Wrong Session (CVE-2024-41977)
- Rockwell Logix Controllers Unprotected Alternate Channel (CVE-2024-6242)
- Emerson Ovation OCR400 Controller Heap-Based Buffer Overflow (CVE-2019-10965)
- Yokogawa CENTUM Controller Improper Access Control (CVE-2024-5650)
- Mettler Toledo IND780 Weighing Terminal Remote Unauthenticated Directory Traversal (CVE-2021-40661)
New Device Coverage
Effective OT/IoT device coverage enhances the security posture of your OT environment by providing visibility, control, and protection across the entire network of industrial assets.
Coverage is now available for the following known devices/vulnerabilities:
