← Back to Vulnerability Assessment
NEXUS Cybersecurity
DOCUMENT REF NX-VA-2026-[REF]
SECTION 01 — Executive Summary (Extract)
CLASSIFICATION CONFIDENTIAL
Sample — Page 1 of 2
OT/ICS Vulnerability Assessment Sample
■ Redacted Sample
About this sample: This document represents the output of the thinking. The value is in the conversations that produced it — the site walk, the stakeholder interviews, the engineering judgements made along the way. What you are reading is the record. The work that matters happened before the first page was written.
Engagement Overview
Assessment Parameters
Client
[REDACTED]
Site
[REDACTED]
Devices Assessed
[N] OT Assets
Assessment Date
[REDACTED]
Lead Engineer
[REDACTED]
Method
Passive-First + Config Review
Executive Summary
Findings Overview

Passive network monitoring and configuration review of [N] OT assets identified [N] vulnerabilities across the assessed environment. Of these, [N] are rated Critical or High. The most significant findings relate to unpatched firmware on critical PLCs, insecure protocol configurations, and unauthenticated historian web interfaces.

Findings Distribution
By Severity Rating
Critical
[N]
High
[N]
Medium
[N]
Low
[N]
Informational
[N]
Note: Counts above are illustrative. All findings are evidence-based. No active scanning was performed on safety-critical devices without prior written approval.
NEXUS Cybersecurity · Consider It Done.
Confidential — Not for Distribution
Page 1 of 2
NEXUS Cybersecurity
DOCUMENT REF NX-VA-2026-[REF]
SECTION 03 — Vulnerability Register (Extract)
CLASSIFICATION CONFIDENTIAL
Section 03 — Extract
Vulnerability Register Sample
■ Redacted Sample
Vulnerability Register — Extract
Selected Findings
Vuln IDAsset / SystemFindingCVSSRating
VA-002PLC — [Vendor/Model REDACTED]Firmware version [REDACTED] — known RCE vulnerability. CVE-[REDACTED]. No authentication required for exploitation on OT network segment.9.8Critical
VA-005Historian — Web InterfaceHistorian web interface accessible without authentication from OT network. Process data readable and downloadable by any connected host.8.2High
VA-009Engineering WorkstationWindows OS — [version REDACTED] — with [N] unpatched critical CVEs. No application whitelisting. USB ports unrestricted.7.8High
VA-013Modbus TCP — All PLCsModbus TCP with no authentication enabled across all PLC communications. Any host on OT segment can issue read/write commands.6.5Medium
VA-017OT Network — GeneralNo passive monitoring solution deployed. Anomalous traffic patterns undetectable. Observed [N] unknown hosts during assessment window.5.3Medium
What this enables: The full Vulnerability Assessment Report includes the complete asset inventory, all identified vulnerabilities with evidence, a prioritised remediation roadmap with operationally feasible timelines, and a 30-day follow-up verification session.
NEXUS Cybersecurity · Consider It Done.
Confidential — Not for Distribution
Page 2 of 2