We Have Never Crashed a PLC During an Assessment. Here Is Why.
Standard IT vulnerability scanners send probes that crash PLCs, lock out controllers, and trigger emergency shutdowns. This is not a theoretical risk — it is a documented failure mode that happens when IT tooling is applied to OT environments without understanding the consequences. Our methodology is passive-first by design: we observe, enumerate, and analyse before we interact. When active scanning is warranted, we use OT-aware tooling with traffic rates and protocol behaviours calibrated for industrial devices. The constraint is not caution — it is engineering discipline.
NEXUS uses a passive-first methodology, supplemented by OT-aware active scanning tools where appropriate. We identify vulnerabilities in legacy hardware, proprietary protocols, and unpatched systems without putting your process at risk.
We do not rely on CVSS scores to prioritise findings. A CVSS 5.0 vulnerability in an IT context may be recorded as exactly that in your risk register, but the same vulnerability on a PLC controlling a safety-critical process is Critical. Prioritisation is determined by your operational context, not by a scoring system designed for IT environments.
What We Identify
- Known CVEs affecting PLCs, RTUs, HMIs, and SCADA platforms
- Unpatched firmware and operating system vulnerabilities
- Insecure protocol configurations (Modbus, DNP3, EtherNet/IP)
- Default or weak credentials on OT devices
- Unnecessary network services and open ports
- Insecure remote access paths and vendor connections
- Missing network segmentation and boundary control gaps
Our Assessment Methodology
Deliverables
- Complete OT asset inventory with firmware and software versions
- Vulnerability register with operational impact rating
- Network architecture diagram with identified exposure points
- Prioritised remediation roadmap
- Executive summary for management reporting