MONITORING 5,458+ ICS ADVISORIES

Stop manually checking
for ICS vulnerabilities

Get emailed when any of our monitored ICS security feeds — CISA, BSI, Siemens, Rockwell, and more — publish a vulnerability affecting YOUR PLCs, SCADA systems, and controllers. Filtered to your exact equipment. No noise.

Start 14-Day Free Trial → See How It Works
5,458
ICS advisories tracked
904+
ICS/OT vendors covered
< 2hrs
Alert delivery time
123
with confirmed exploitation in the wild
⚡ Last 7 days: 19 new advisories — 7 critical or high
LIVE ADVISORY FEED
ICSA-24-184-03
Mitsubishi Electric — CVSS 7.0
ICSA-25-238-03
Schneider Electric — CVSS 7.5
ICSA-26-155-01
NAVTOR — CVSS 6.3
ICSA-26-155-02
Hitachi Energy — CVSS 7.5
The Problem

You know you should be tracking ICS vulnerabilities. You don't have time.

CISA, Siemens, Rockwell, BSI and other security authorities publish new OT advisories every week. Each one could affect your plant floor, your SCADA system, or your building management controllers.

  • Manually checking CISA's website every Tuesday
  • Subscribing to 15 different vendor security mailing lists
  • Wading through advisories that don't affect your equipment
  • Enterprise OT security platforms that cost £50k+ per year
otwarden — alert pipeline
$ otwarden check
[FETCH] Pulling latest advisories...
[FETCH] 4 new advisories found

[NEW] ICSA-26-045-02
  Schneider Electric Modicon M340
  CRITICAL — CVSS 9.8

[MATCH] Your watchlist: Schneider Electric
[SENT] alert → [email protected]
[SENT] alert → [email protected]

[DONE] 2 alerts sent in 1.3s
$
How It Works

Three steps. Five minutes.

No software to install. No training required. Just the alerts that matter.

01

Tell Us Your Equipment

Select the vendors, products, and industrial sectors you care about. Siemens PLCs? Schneider SCADA? Rockwell controllers? Pick as many as you need.

02

We Check Multiple Sources Around the Clock

We pull from six authoritative sources: CISA ICS-CERT, BSI CERT-Bund (EU), Siemens ProductCERT, Rockwell Automation, the CISA KEV catalog, and NIST NVD. When a new advisory is published, we parse it, score it, and check it against your watchlist within 2 hours.

03

Get Actionable Alerts

If it affects your equipment, you get a clear email: what's vulnerable, how severe it is, and exactly what to do about it. No jargon. No noise.

Advisory Sources

Six authoritative sources. One inbox.

We aggregate from every major ICS/OT security authority — no important advisory slips through.

CISA ICS-CERT
The primary US government ICS advisory authority. CSAF 2.0 machine-readable format. The industry standard source for OT/ICS vulnerability disclosures.
BSI CERT-Bund (EU)
Germany's Federal Office for Information Security — the EU equivalent of CISA. Publishes CSAF 2.0 advisories covering European ICS vendors, often with different timing to CISA.
Siemens ProductCERT
Siemens' own security team publishes advisories directly — typically days before CISA republishes them. Critical for Siemens PLC and SCADA users who need early warning.
Rockwell Automation
Rockwell's native security bulletin feed. Covers Allen-Bradley PLCs, FactoryTalk SCADA, and all Rockwell products — direct from the manufacturer before third-party republication.
CISA KEV Catalog
CISA's Known Exploited Vulnerabilities catalog. Every advisory is cross-referenced to instantly flag CVEs with confirmed active exploitation — so you know what attackers are using right now.
NIST NVD Enrichment
Every CVE is automatically enriched with technical detail from the NIST National Vulnerability Database, giving you deeper context beyond what the original advisory contains.
Platform Features

More than just email alerts

OTWarden goes beyond forwarding CISA advisories. It's a full vulnerability management workflow built for OT teams.

📋

Asset Inventory Matching

Log your OT devices once. Every alert detail page then shows you exactly which of your assets are affected — no manual cross-referencing.

📅

Compliance Deadline Tracker

Set remediation deadlines per alert. RAG-status badges (red/amber/green) surface overdue items at a glance on your alert list and dashboard.

🌐

Shodan Exposure Indicator

Each alert shows an estimated count of internet-exposed devices matching the affected product, so you can prioritise the most critical issues first.

📊

Peer Benchmarking

See how your patch rate compares to the platform average — an honest measure of your OT security posture that you can report upwards.

🏢

Agency Multi-Client Management

Manage up to 50 client accounts under one Agency subscription. Switch context with one click — each client gets their own watchlist, alerts, and assets.

🔗

Webhook & API Integration

Push advisory matches to PagerDuty, Opsgenie, Slack, Teams, Zapier, or any HTTPS endpoint. Pull your data via REST API for custom workflows.

See what you'll receive

No noise. Just the advisories that affect your equipment.

🔴 CRITICAL SEVERITY — ICS SECURITY ADVISORY
Siemens SIMATIC S7-1500 Remote Code Execution
ICSA-26-012-01 · Published 12 January 2026 · Matched because: vendor: Siemens
9.8
CVSS Score
3
CVEs
No
Known Exploit
Risk Summary
A stack-based buffer overflow vulnerability in the SIMATIC S7-1500 CPU firmware allows an unauthenticated remote attacker to execute arbitrary code or cause a denial-of-service condition.
What To Do
• Update SIMATIC S7-1500 firmware to V3.1.0 or later
• Apply network segmentation to restrict PLC access
• Disable unused communication interfaces
View Full CISA Advisory →

Delivered within 2 hours of CISA publishing. Matched only to vendors on your watchlist.

Vendor Coverage

Every ICS vendor. One watchlist.

We track all vendors that appear in CISA ICS advisories — over 200 and growing.

Siemens 2007
Open Source 329
Rockwell Automation 241
Schneider Electric 146
Hitachi Energy 119
Mitsubishi Electric 110
Delta Electronics 95
Schneider Electric Software, LLC 84
ABB 81
Advantech 78
SuSE 61
Red Hat 58
Moxa 52
Microsoft 47
Johnson Controls, Inc. 43
Philips 39

+ 888 more vendors tracked automatically from CISA ICS advisories

Latest Advisories

What we're tracking right now

The most recent ICS security advisories from CISA ICS-CERT, BSI CERT-Bund, Siemens ProductCERT, and Rockwell Automation, updated every 2 hours.

NONE
wid-sec-w-2026-1804
BigBlueButton: Multiple Vulnerabilities
Open Source
0.0
2026-06-04
NONE
wid-sec-w-2026-1803
SmarterTools SmarterMail: Multiple Vulnerabilities allow nicht spezifizierten Angriff
SmarterTools
0.0
2026-06-04
HIGH
ICSA-24-184-03
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update E)
Mitsubishi Electric Mitsubishi Electric Iconics Digital Solutions
7.0
2026-06-04
HIGH
ICSA-25-238-03
Schneider Electric Modicon M340 Controller and Communication Modules (Update A)
Schneider Electric
7.5
2026-06-04
MEDIUM
ICSA-26-155-01
NAVTOR NavBox
NAVTOR
6.3
2026-06-04
HIGH
ICSA-26-155-02
Hitachi Energy ITT600 Explorer
Hitachi Energy
7.5
2026-06-04
HIGH
ICSA-26-155-03
B&R PPT30 Operating System
B&R Industrial Automation GmbH
7.5
2026-06-04
HIGH
ICSA-26-155-04
Hitachi Energy RTU500
Hitachi Energy
7.8
2026-06-04
MEDIUM
ICSA-26-155-05
Hitachi Energy MACH HiDraw
Hitachi Energy
5.5
2026-06-04
NONE
wid-sec-w-2026-1784
Octopus Deploy: Vulnerability allows Manipulation
Octopus Deploy
0.0
2026-06-02
Browse All Vendors →
Pricing

Costs less than one hour of downtime

All plans include a 14-day free trial. No credit card required to start.

Essential
£29/mo
For individual engineers
  • Monitor up to 5 vendors
  • Email alerts within 2 hours
  • Severity scoring & CVSS data
  • CISA KEV exploitation flag
  • Notes & status tracking on alerts
  • Custom webhook (PagerDuty, Zapier…)
Start Free Trial
Professional
£59/mo
For OT security leads
  • Unlimited vendors & products
  • Priority alerts (under 1 hour)
  • Siemens & Rockwell vendor-native feeds
  • BSI CERT-Bund EU advisory feed
  • KEV priority banner in alerts
  • Slack, Teams & custom webhooks
  • Asset inventory & matching
  • Compliance deadline tracker
  • Shodan exposure indicator
  • Manage up to 5 client accounts
Start Free Trial
Team
£99/mo
For security teams
  • Everything in Professional
  • Up to 5 team email recipients
  • Full compliance audit trail
  • CSV export & priority support
Start Free Trial
Agency
£249/mo
For MSSPs & consultants
  • Everything in Team
  • Manage up to 50 client accounts
  • Per-client watchlists & alerts
  • Per-client compliance reports
  • Dedicated account support
Contact Us

Questions

Where does the vulnerability data come from?

We pull from six authoritative sources: CISA ICS-CERT (CSAF 2.0), BSI CERT-Bund (Germany's equivalent — also CSAF 2.0), the Siemens ProductCERT feed, Rockwell Automation's security bulletin feed, the CISA Known Exploited Vulnerabilities (KEV) catalog, and NIST NVD for additional CVE enrichment. Vendor-native feeds (Siemens, Rockwell) are available on Professional and Team plans.

How fast will I receive alerts?

We check for new advisories every 2 hours. Essential plan subscribers receive alerts within 2 hours; Professional and Team subscribers within 1 hour.

I'm not in the US. Are the alerts still relevant?

Absolutely. CISA ICS advisories cover equipment sold worldwide — Siemens (Germany), Schneider Electric (France), ABB (Switzerland), Yokogawa (Japan).

What's different from the free CISA email list?

CISA sends you every advisory regardless of whether it affects your equipment. OTWarden filters to your exact vendors and products, adds CVSS severity scoring, flags actively exploited CVEs (KEV), pulls in Siemens and Rockwell advisories before CISA republishes them, enriches every CVE with NIST NVD data, and includes EU advisories from BSI CERT-Bund that CISA never covers. Plus compliance tracking, asset matching, and Shodan exposure counts.

Can I monitor specific products, not just vendors?

Yes. Watch at vendor level, product level, or sector level. Mix and match across your watchlist.

Do I need to install any software?

No. Sign up, choose your watchlist, and alerts arrive in your inbox. You also get a web dashboard to view alert history.

Are there any free tools I can use without signing up?

Yes. Three tools are available to everyone with no account required: the CVE Lookup (search any CVE and see which ICS advisories reference it), the Sector Risk Dashboard (advisory activity broken down by industry), and This Week in ICS (the most recent advisories across all sources). All free, no signup needed.

Can OTWarden support NERC CIP or IEC 62443 compliance?

Yes. Professional and Team subscribers receive a monthly PDF report documenting every advisory matched to their watchlist, including severity, CVEs, and remediation status. You can also set per-alert remediation deadlines and export a full audit trail. Suitable for NERC CIP, IEC 62443, and NIS2 evidence requirements.

Can I track which of my actual devices are affected?

Yes. On Professional and Team plans, you can build an asset inventory of your OT/ICS devices. When you open any alert, OTWarden automatically shows you which of your logged assets match the affected vendors — no manual cross-referencing needed.

Know when your systems
are at risk

Start your 14-day free trial. No credit card needed. Cancel anytime.

Get Started →

Free for 14 days · Then from £29/mo · Cancel anytime