Tenable released 32 Nessus plugins specific to SCADA this week. It used to be that using the name Nessus (or any vulnerability scanning/systems mapping solution) in the same sentence as SCADA was sacrilegious. Civil engineers quake and cower at the possibility of TCP packet mangling anywhere near their SCADA systems.

(I have a funny story from a colleague who, during a PCI assessment of a large fruit producer in SoCal, accidentally scanned one of the irrigation control systems and caused havoc for a couple of hours, until they figured out the root cause.)

These plugins are, as always, provided on the same basis as any other plugin from Tenable. They may prove to be useful if you find yourself in need of assessing the state of a network with SCADA technologies. However, I will suggest that you do not use these plugins if you don't know what you are doing (or Nessus, for that matter), and further suggest you not try to scan anything that even remotely resembles a SCADA environment without all the usual explicit approvals, consents, permissions, and get-out-of-jail-free cards. (This is known as my Caveat h4x0r.)