OT Vulnerability and Device Coverage Update – November 2024

In the past two months (Sep-Oct), we’ve expanded our vulnerability and device coverage in Tenable OT Security to help you further strengthen your OT/IoT security posture. Recent updates include 287 new plugins — 60 of which have a critical CVSSv3 rating, including critical vulnerabilities affecting the following systems:

• Qnap QTS Command Injection (CVE-2017-7876)
• Beckhoff TwinCAT/BSD Improper Neutralization of Input During Web Page Generation (CVE-2024-41174)
• Synology DiskStation Manager Use After Free (CVE-2021-27646) 
• Cognex In-Sight OPC Server Deserialization of Untrusted Data (CVE-2021-32935)
• Sony Network Cameras Stack-based Buffer Overflow (CVE-2018-3938)
• Nexans FTTO GigaSwitch Backdoor Account (CVE-2022-32985)
• Emerson Ovation Missing Authentication for Critical Function (CVE-2022-29966)

Find more plugins →

New Device Coverage

Effective OT/IoT device coverage enhances the security posture of your OT environment by providing visibility, control, and protection across the entire network of industrial assets. We've recently added coverage for the following devices:

• ICP DAS
  • WISE
• Qnap
  • NAS (QTS/QuTS hero/QES)
• Synology
  • NAS (DiskStation Manager)
• Keyence
  • Intuitive Vision (CV-X Series)
  • Customizable Vision System (XG-X Series)
• Omron
  • CJ1
• Fanuc
  • R-30iA
  • R-30iB
  • R-J3
• APC
  • Network Management Cards
• Rockwell
  • PowerFlex DC Drives
• Cognex
  • In-Sight
  • DataMan
• Wago
  • PFC300
• Sony
  • Network Cameras
• Teltonika
  • RUT routers
• Dell
  • Laser printers
• ABB
  • Freelance DCS (AC 700/800F/900F)
• JUMO GMBH
  • AQUIS
  • DICON
  • LOGOSCREEN
• Nexans
  • iGigaSwitch
• Actelis Networks
  • MetaLIGHT Ethernet Access Devices
• SEH Computertechnik
  • USB Device Servers