See every device.
Prove every weakness.
An interactive OT/ICS vulnerability-assessment console. Associate CPEs to CVEs, interpret CVSS, drive authorized scanners, prioritize by real-world risk, and map every finding to NIST, IEC 62443, and MITRE ATT&CK — all in one self-contained app.
The full Phase-3 workflow, end to end.
From passive CVE association to authorized active scanning, risk scoring, evidence discipline, and remediation — every step is in the box.
CPE → CVE association
NVD lookups with exact & wildcard matching, Redis-style caching, and rate-limit backoff — passive, no device contact.
CVSS interpretation
Live vector parsing (v3.1/3.0/2.0), severity bands, and CWE extraction — read the why behind a 9.8, not just the number.
Scanner adapters
OpenVAS/GMP lifecycle and Nuclei safe-templates — gated behind Phase-3 authorization, severity normalized.
Risk prioritization
Severity + EPSS + CISA KEV + exposure + device role + consequence — so a safety PLC outranks a camera with the same CVE.
Evidence discipline
A scanner finding is an observation, not truth. Candidate vs confirmed, multi-method convergence, and pair-scoped suppression.
Frameworks & controls
Map findings to NIST CSF 2.0, SP 800-53, IEC 62443 SLs, and MITRE ATT&CK for ICS — a CVE becomes an auditable gap.
Remediation tracker
Findings become tracked tasks on a kanban — owner, due date, SLA, and backlinks to the asset and CVE that justify them.
Command palette
Press Ctrl K to jump to any page, asset, or CVE — three-level drill-down (asset → CVE → CVSS) ties every workspace together.
Hardened by default
Content-Security-Policy, escaped inputs, and zero network egress. Light/dark themes, responsive, reduced-motion aware.
Sixteen guided workspaces. One discovery run.
Open the console and click around.
Start in the Overview command center, then press Ctrl K to jump anywhere.
▶ Launch the console