ICS, OT & IoT
Industrial control systems, operational technology and IoT devices bridge the physical and digital worlds, where a vulnerability can have real-world consequences. This hub tracks CVEs across ICS, OT and connected devices.
ip-camera-nvr · 44 | smart-home · 29 | industrial-network · 27 | medical-device · 22 | plc-scada-hmi · 9 | building-automation
- Cumulative CVEs: 12,018 · across 230 monthly snapshots
- Latest month: 206 · -8.8% MoM · +38.3% YoY
- Peak month: 310 · Dec 25
- KEV this month: 2 · 68 vendors affected
CVEs per month (chart; newest period on the right)
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- On-prem: 40%
- Embedded: 37%
- Mixed: 23%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to ICS, OT & IoT.
- CVE-2026-58173 · Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type · 6.5
- CVE-2026-58171 · Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier · 4.2
- CVE-2026-58170 · Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates · 8.3
- CVE-2026-58169 · Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution · 7.5
- CVE-2026-58168 · DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users · 8.8
- CVE-2026-48192 · A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions)... · 5.4
- CVE-2026-14162 · Advantech|Hospital Queuing Management - Missing Authentication · 9.8
- CVE-2026-14161 · Advantech|Hospital Queuing Management - Sensitive Data Exposure · 7.5
- CVE-2026-56808 · DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to ... · 7.2
- CVE-2026-55844 · Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data · 7.5
- CVE-2026-13547 · Hanwang e-Face General Management Platform upload.do unrestricted upload · 7.3
- CVE-2025-2902 · Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform · 8.3
- CVE-2025-0824 · Lack of validation for firmware update in Hitachi Virtual Storage · 3.7
- CVE-2025-7386 · Information exposure vulnerability in Hitachi Storage Navigator · 6.8
- CVE-2026-56414 · H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type · 7.2
Weakness fingerprint
Top CWE classes in this sector, latest monthly snapshot.
Top vendors
Most CVEs in this sector, latest monthly snapshot.
| Vendor | CVEs | Crit | KEV |
|---|---|---|---|
| geovision inc. | 19 | 12 | · |
| dräger | 16 | · | · |
| hkuds | 12 | · | · |
| mbs | 11 | 1 | · |
| mbs-solutions | 11 | 1 | · |
| aqara | 10 | 5 | · |
| rti | 8 | · | · |
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| — | 75 | 21 | · | 25 | — | double-a profibus (11) · double-a x-link (11) · double-x can (11) |
| ip-camera-nvr | 44 | 23 | · | 12 | — | gv-lpclpc2011/2211 (10) · gv-i/o box 4e (8) · ix cam (7) |
| smart-home | 29 | 7 | · | 6 | — | nanobot (4) · vibe-trading (4) · aqara iam/sso gateway (3) |
| industrial-network | 27 | 3 | · | 13 | — | connext professional (6) · ivec tank-xm811 (4) · connext micro (2) |
| medical-device | 22 | 2 | · | 6 | — | blood glucose monitoring system (model no. apg-01 bt) (2) · infinity acute care system (2) · infinity delta (2) |
| plc-scada-hmi | 9 | 3 | 2 | 6 | — | daqfactory (2) · pasvisu (2) · pmi v8xx (2) |
Sector classification is AI-assisted with human review.