Tenable OT Security 2025 Release Notes

Tip: You can subscribe to receive alerts for Tenable documentation updates.

(Early Access) Tenable OT Security 4.4.29 (2025-09-05)

Send OT Asset Tags to Tenable One and Tenable Security Center

OT Security now transmits dynamic tags or groups created for assets to the Tenable One platform. This helps align OT asset context with IT workflows and reporting in Tenable One and Tenable Security Center.

Note: Tags sent to Tenable One remain on the asset even if later removed in OT Security.

Import PLC Project Files

You can now upload PLC project files to enrich asset inventory with deeper insights, reducing reliance on active queries. For critical sectors such as Oil & Gas, Chemical, and Nuclear, this offers a secure method to enrich asset data while minimizing interaction with live devices. Currently, this works for Rockwell Automation and will expand to include additional vendors. For more information, see Rockwell Project Files.

Merge Assets

You can now merge duplicate assets directly from the inventory, such as firewalls and multi-homed PCs. This leads to a more accurate and organized inventory, reflecting the actual state of assets within the environment. For more information, see Merge Assets.

New Policy Violations Workflow and Dashboard

This release introduces a streamlined workflow for managing Policy Violations findings reported by OT Security such as PLC Start/Stop, Project Uploads, and Intrusion Detection. This update significantly reduces the volume of policy event logs that you have to review, helping you focus on the most relevant events. The Policy Violations dashboard gives you a clearer visibility into active violations, simplifies triage, and accelerates adoption by making policy enforcement and investigation faster and more intuitive. For more information, see Policy Violations.

Improved OT Onboarding Flow

For new installations, the system now guides you to configure network settings before monitoring starts. By default, passive monitoring is turned off to prevent too many initial alerts. The system prompts you to adjust network settings before enabling passive monitoring. This streamlines the initial setup and minimizes irrelevant alerts during the early deployment phase.

OT Proprietary Support - Foxboro DCS

OT Security can now detect Foxboro DCS components, which are critical components in plant operations, through passive fingerprinting. Foxboro is a widely used Distributed Control System that can manage entire plant operations. Because these systems rely on proprietary communications, they have historically been difficult to interpret and monitor. With this new update, you can gain full visibility into Foxboro environments for asset discovery and security monitoring.

VXLAN Support

OT Security now supports VXLAN, which lets you analyze traffic inside modern virtual and cloud networks where VXLAN is used for network segmentation and overlay. This gives you full visibility into east-west traffic across virtual networks without requiring changes to the environment. You can now maintain the same depth of monitoring and security insight even as you adopt scalable, software-defined architectures.

Improved Sensor Management - Multi-port Sniffing

OT Security ICP now supports listening on multiple network interfaces simultaneously through a simplified configuration option. Previously, this required complex command-line input that was error-prone and difficult to manage. With this improvement, you can capture traffic from diverse network segments without additional setup.

Tenable OT Security 4.3.74 (2025-08-19)

OT Security administrators must verify SSH or Cockpit access on Tenable Core virtual and physical appliances. Administrator accounts can become inaccessible if you do not periodically sign in and update your password. For more information, see Leveraging the Remote Unlock Feature in Tenable Core.

OT Agent for Windows

The OT Agent is a new, installable application for Windows that extends OT Security's visibility. It enables safe and active OT asset discovery in areas where deploying traditional sensors is not feasible due to scale or resource constraints. The lightweight OT agents running on Windows devices (for instance, engineering workstations, HMIs, and Windows-based gateways) help bridge visibility gaps by identifying critical OT/IoT systems and embedded devices. Every asset the agent discovers is associated with that agent as a discovery source. For more information, see OT Agents.

OT Agent Management

You can use the OT Agent management page in Data Collection > Data Sources > Agents to configure and initiate OT Agent assessments. Administrators and Supervisor accounts can use this page to assign IP ranges for OT Agent-based asset discovery, schedule executions, and designate credentials for use. For more information, see OT Agents.

Enhanced Findings and OT Data integration in Tenable One

OT Security now reports policy events into Tenable One as Findings, which are tracked against the asset(s) involved in the policy event. Earlier, policy events were viewable only within OT Security or a syslog server. Tenable One users can now filter for “Tenable.ot Violations” findings, if policy events are reported for your assets. To enable this feature, contact Tenable Support.

Asset Groups and Tags

You can now use asset groups in various areas of OT Security. Tags are a new form of asset groups that are usable and searchable outside the event policy editor. The new asset tagging feature extends tag functions to both the predefined groups and the existing group types (Selection, IP range, IP List). The Tags column is visible by default on the inventory view, but it remains empty until you enable the Display Tag option for the asset groups that are pre-defined or created by users. For more information, see Assets Groups and Tags.

Enterprise Manager - Centralized Content Updates

The OT Security EM (EM) users can now centrally manage and initiate content updates, such as plugins, IDS, DFE, for all managed ICPs within the ICPs page. These updates, including vulnerability plugin coverage, intrusion detection rules, and new or improved device detection profiles, are regularly provided through the Tenable online content feed. EM administrators can now schedule or perform on-demand updates to specific ICPs or multiple ICPs using bulk update operations. For more information, see Manage Data Updates.

Tenable Core Account Expiration Reset Service

When an administrative account expires, Tenable Core blocks access to the account and SSH. The new remote unlock utility restores access, allowing you to log in and update account settings. This utility allows an ICP to remotely unlock its connected sensors and an OT Security Enterprise Manager (EM) to remotely unlock its connected ICPs, in the event the SSH or Tenable Core (Cockpit) user gets locked out due to password expiration. For more information, see the Knowledge Base article: Leveraging the Remote Unlock Feature in Tenable Core.

System Log Pagination

The System Logs page loaded slowly for sites with thousands of system log events. Pagination of these logs now significantly improves the responsiveness of this page when there are many log events to display.

New on Inventory - Serial Numbers

The Inventory page now supports a new Serial Number column, which is also included in all CSV exports of the inventory. You can also use the Serial Number to search and filter the inventory table.

New on Inventory - Search by BACnet Instance ID

You can now use the quick search bar on the Inventory page to find specific Building Management System (BMS) controllers by searching for their BACnet Instance IDs.

New UX Elements - Responsive Side Panels

OT Security now includes a new responsive side panel that allows you to drill down and investigate while retaining the background context of the previous page. This allows you to see various findings and data without returning to the browser and restart from the scrolled list. This side panel is now available for the Vulnerability Findings page, allowing you to efficiently investigate while maintaining your current workflow.

Sensors Page Revamp

As part of the continuous user interface enhancements, the Data Sources > Sensors page now includes the new table and styling that match the Inventory and Findings pages.

New UX Elements - Context Sensitive Help Shortcuts

The header of several pages now include a shortcut icon that takes you directly to their corresponding product documentation in a new tab.

To view the documentation corresponding to your OT Security version, you can use the version switcher drop-down to choose the version you need.


Vulnerabilities

Tenable identifies several new vulnerabilities in this release. See the complete list here.

New Tenable OT Security Device Fingerprint Engine (DFE) Coverage

Vendor Product
B&R Automation Controllers
Cisco Catalyst Switches (improvements)
Eaton Power Xpert Gateways
Indu-Sol PROmesh P Series Industrial Switches
Ingeteam INGESYS IC Controllers
Keyence Safety Laser Scanners (SR-V Series)
Lantronix IntelliBox-I/O Serial-to-Ethernet Bridges
Schneider Electric PowerLogic ION Series
Schneider Electric PowerLogic ION 7300 Series
Schneider Electric PowerLogic EGX
Bug Fix Defect ID
The Events page no longer times out when loading millions of queries. NA
OT Security now ensures that the bind operation for Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) no longer times out when the initial AD URLs fail to respond. NA
The System Log page's pagination now ensures responsiveness when there are many log events to display. NA
OT Security now ensures that all Nessus scans are preserved after an upgrade. NA

For more information about OT Security APIs, see the API documentation.

Copy 
Enum value AbbRtu500 was removed from enum BasicCredentialsTypes
Enum value Gateway was removed from enum RelationshipType
Enum value tags was added to enum AggregationsAssetsField
Enum value tags was added to enum AssetField
Enum value NetworkMapper was added to enum AssetSourceType
Enum value EmLicenseInactive was added to enum CannotUpdateDfeReason
Enum value EmOldLicense was added to enum CannotUpdateDfeReason
Enum value EmLicenseInactive was added to enum CannotUpdatePluginSetReason
Enum value EmOldLicense was added to enum CannotUpdatePluginSetReason
Enum value EmLicenseInactive was added to enum CannotUpdateSuricataRulesReason
Enum value EmOldLicense was added to enum CannotUpdateSuricataRulesReason
Enum value findingId was added to enum ChildrenPolicyHitField
Enum value Windows was added to enum CoreOsVersion
Enum value BasicSchemaWithRole was added to enum CredentialSchemaType
Enum value EmLicenseInactive was added to enum ErrorCategory
Enum value EmOldLicense was added to enum ErrorCategory
Enum value FailedToAbortOtAgentScan was added to enum ErrorCategory
Enum value FailedToApproveOtAgent was added to enum ErrorCategory
Enum value FailedToDeleteOtAgent was added to enum ErrorCategory
Enum value FailedToEditOtAgentSchedule was added to enum ErrorCategory
Enum value FailedToLaunchOtAgentScan was added to enum ErrorCategory
Enum value FailedToUpdateOtAgent was added to enum ErrorCategory
Enum value IcpDisconnected was added to enum ErrorCategory
Enum value IcpFeedUpdateSkipped was added to enum ErrorCategory
Enum value NotDeletableWhileDefinedOnDuplicatedNetwork was added to enum ErrorCategory
Enum value FeedType was added to enum ErrorKey
Enum value Name was added to enum ErrorKey
Enum value OtAgentId was added to enum ErrorKey
Enum value Status was added to enum ErrorKey
Enum value tags was added to enum LinkField
Argument displayTag: Boolean added to field Mutation.newAssetGroup
Argument displayTag: Boolean added to field Mutation.setAssetGroup
Enum value tags was added to enum PluginsAssetsField
Enum value findingId was added to enum PolicyHitField
Enum value AgentGateway was added to enum RelationshipType
Enum value OtAgentPendingApproval was added to enum RemovableFlags
Enum value assetTags was added to enum findingField
Field tags was added to object type Asset
Field displayTag was added to object type AssetFunction
Field displayTag was added to interface AssetGroup
Field displayTag was added to object type AssetList
Field displayTag was added to object type AssetTypeFamilyGroup
Type BasicCredentialsWithRole was added
Type BasicCredentialsWithRoleTypes was added
Field OtAgentsAutoApprove was added to object type Config
Type FeedType was added
Field otAgentPendingApproval was added to object type FlagList
Type GlobalUpdates was added
Field displayTag was added to object type IpList
Field displayTag was added to object type IpRange
Field tags was added to object type LeanAsset
Field addBasicCredentialsWithRole was added to object type Mutation
Field bulkDeleteOtAgents was added to object type Mutation
Field bulkOtAgentsScheduleEdit was added to object type Mutation
Field createPairingKey was added to object type Mutation
Field deleteOtAgent was added to object type Mutation
Field editIcpFeedUpdateSchedule was added to object type Mutation
Field editOtAgent was added to object type Mutation
Field feedUpdateICPs was added to object type Mutation
Field otAgentAction was added to object type Mutation
Field setAssetGroupsDisplayTag was added to object type Mutation
Field setBasicCredentialsWithRole was added to object type Mutation
Field testAdHocBasicCredentialsWithRole was added to object type Mutation
Type OtAgentAction was added
Type OtAgentDetails was added
Type OtAgentDetailsConnection was added
Type OtAgentDetailsEdge was added
Type OtAgentExpressionsParams was added
Type OtAgentScanResult was added
Type OtAgentSelectField was added
Type OtAgentSortParams was added
Type OtAgentSortParamsComplexFields was added
Type OtAgentStatus was added
Field globalUpdates was added to object type PairedIcp
Type PairingKeyResponse was added
Type PolicyFinding was added
Type PolicyFindingConnection was added
Type PolicyFindingEdge was added
Type PolicyFindingField was added
Type PolicyFindingsExpressionsParams was added
Type PolicyFindingsSortParams was added
Type PolicyFindingsSortParamsComplexFields was added
Field displayTag was added to object type PortGroup
Field displayTag was added to object type ProtocolGroup
Field checkForAllOtAgentUpdates was added to object type Query
Field checkForOtAgentUpdates was added to object type Query
Field dfeLatestUpdateVersion was added to object type Query
Field nessusLatestPluginSetVersion was added to object type Query
Field otAgent was added to object type Query
Field otAgents was added to object type Query
Field otAgentsRaw was added to object type Query
Field policyFindings was added to object type Query
Field suricataLatestPluginSetVersion was added to object type Query
Field systemLogRaw was added to object type Query
Type RawOtAgentComplexFieldParams was added
Type RawOtAgentComplexFieldParamsComplexFields was added
Type RawOtAgentComplexGroupingParams was added
Type RawOtAgentComplexGroupingParamsComplexFields was added
Type RawSystemLogComplexFieldParams was added
Type RawSystemLogComplexFieldParamsComplexFields was added
Type RawSystemLogComplexGroupingParams was added
Type RawSystemLogComplexGroupingParamsComplexFields was added
Field displayTag was added to object type RecurringGroup
Field displayTag was added to object type RuleGroup
Field displayTag was added to object type ScheduleFunction
Field displayTag was added to interface ScheduleGroup
Field displayTag was added to object type SegmentGroup
Field displayTag was added to object type TagGroup
Field displayTag was added to object type TimeInterval
Field Version.idsRuleSetDate description changed from IDS rule set version to IDS rule set last update date
Field idsRuleSetSchedule was added to object type Version
Field idsRuleSetScheduleEnabled was added to object type Version
Field idsRuleSetVersion was added to object type Version
Field Version.nessusPluginSetDate description changed from Nessus plugin set version to Nessus plugin set last update date
Field nessusPluginSetSchedule was added to object type Version
Field nessusPluginSetScheduleEnabled was added to object type Version
Field nessusPluginSetVersion was added to object type Version
Field piiUpdateDate was added to object type Version
Field piiUpdateSchedule was added to object type Version
Field piiUpdateScheduleEnabled was added to object type Version
Field piiUpdateVersion was added to object type Version
                            

Tenable OT Security 4.2.40 SP 3 (2025-05-28)

Bug Fix Defect ID
Tenable OT Security ensures that data returned by the Fetch Neighbors option in SNMP Query no longer cause unnecessary asset merging. NA
The German error messages for failed active queries now appear in the correct format. NA
Tenable OT Security now ensures that backup retention during upgrades is limited to only the two most recent versions, discarding backups of earlier versions. NA

Tenable OT Security 4.2.38 SP 2 (2025-05-09)

OT Security updated the embedded version of Nessus to 10.8.4 in response to the recent security advisory.

Nessus is not vulnerable in earlier OT Security versions.

For more information, see the Tenable Product Security Advisory.

Bug Fix Defect ID
Improved container log storage now ensures efficient disk usage and prevents machines from running out of space. 02234368
OT Security now ensures that importing an updated asset details CSV file (via Data Sources > Update Asset Details Using CSV File) works as expected. 01406014
OT Security ensures that IoT containers no longer hinder application startup or initialization. 02236749

Filenames and MD5 or SHA-256 checksums are posted at OT Security Downloads page.

May 8, 2025

Tenable is thrilled to announce some significant enhancements to your cloud product Workspace! We've redesigned the workspace to provide you with better visibility and access to Tenable products:

  • Improved Product Overview — You can now easily see both the products you've purchased and a range of other products available for exploration.

  • Detailed Product Information — Access More Details to demo the product, giving you in-depth knowledge about each product.

  • Product Utilization — We’ve added a utilization feature that shows the percentage of how much you’re using the subscribed products. It allows you to quickly direct you to the License Information page.

  • Trial Status Visibility — If you are currently evaluating a product or have done so within the past year, you will now see the status of the trial (In Trial or Trial Expired) directly in your workspace.

These changes are designed to help you get the most out of your Tenable solutions and discover new ways to enhance your security posture. To learn more, access the Workspace page via any Tenable cloud application.

Tenable OT Security 4.2.33 SP (2025-04-22)

This release addresses an issue that prevents the upgrade to 4.2.

Bug Fix Defect ID
Tenable OT Security now ensures that open ports referencing non-existent IPs no longer prevent an upgrade. NA

Filenames and MD5 or SHA-256 checksums are posted at OT Security Downloads page.

Tenable OT Security 4.2.32 (2025-04-16)

Advanced SNMP-based Network Discovery and Crawler

The SNMP Crawler enhances Layer 2 visibility, enabling security teams to gain a comprehensive understanding of OT network topology. Unlike many security vendors, OT Security leverages SNMP data to discover and map all connected devices and switches, even those that it cannot actively reach or passively monitor.

  • A new discovery engine in OT Security uses SNMP queries to discover new devices connected to a switch when SNMP credentials are available.

  • Under Related Assets, OT Security tracks assets and the devices they connect to. For example, a switch and the assets connected to it. OT Security also indicates the port to which the asset is connected.

  • You can use the Fetch Neighbors option on the SNMP query or Initial Enrichment for SNMP to obtain details from the nearby devices.

Intelligent Hardware Lifecycle Management

Manage the lifecycle of your hardware investments with a robust library of end-of-life plugins for OT/IoT devices in your environment, complementing existing software EOL tracking capabilities.

  • Extends vendor support to include Schneider and Siemens for lifecycle tracking. There are new vulnerability plugins reported on the assets for these vendors to indicate their support.

  • Includes a new device attribute filter for lifecycle in the Inventory page.

Flexible Windows-based OT Security Deployment (Beta)

The new sensor deployment option allows you to install OT Security sensors directly on Windows devices, eliminating the need for a dedicated appliance. This paves the way for future integrations, including potential Nessus compatibility.

  • An early-stage product that allows you to perform various OT queries such as discovery, identification, and backplane queries from a Windows computer to OT devices such as a PLC.

  • Provides operational visibility into segmented or isolated subnets, even in environments where only a PC is available or deploying OT Security appliances is not feasible.

Improvements to IoT Connectors

Gain deeper insights into IoT-related risks with advanced data extraction from connected IoT and Video Management Systems (VMS). Enhanced support for credentialed authentication on Windows and Ubuntu-installed IoT agents expands integration capabilities, improving asset visibility and large-scale management.

  • A significant number of performance improvements and stability fixes to the underlying IoT engine.

  • Support for VMS credentials, which effectively doubles the supported VMS matrix.

  • IoT Connectors also brings in details such as the asset names, models, and stream details.

Main Navigation Menu changes

A redesigned user experience simplifies navigation across OT Security. The latest navigation updates streamline how you access and manage critical OT Security data to speed up common workflows. Updates include a restructured main toolbar, an intuitive side panel for quick access to asset inventory, findings, and event details.

  • Includes a new Data Collection category consolidating Policies, Active Query Management, and the new Data Sources page.

  • Reorganization of Inventory pages as in-page tabs for quick access.

  • The Network Map page is now moved to the Network category for improved contextual visibility.

Less Rebooting Operations

  • OT Security will reboot less often for various configuration changes. Whenever a system restart is necessary, OT Security will opt for an application restart instead.

Support for Microsoft Hyper-V Deployments

  • You can now deploy OT Security as a virtual machine using a .zip file on Microsoft Hyper-V.

Supporting KVM, Proxmox, Nutanix, libvirt Deployments

  • OT Security can now be deployed using qcow2 image files to enable support for KVM-based virtualization platforms.

Tenable Software Updates

The embedded Tenable applications, Nessus, and Nessus Network Monitor are now upgraded to their latest releases.

Vulnerabilities

Tenable identifies several new vulnerabilities in this release. See the complete list here.

New Tenable OT Security Device Fingerprint Engine (DFE) Coverage

Vendor Product
ABB AC Series Drives
Automated Logic Corp

WebCtrl Industrial Gateways

WebCtrl BMS Controllers

Optiflex for WebCtrl
Benning Monitoring Control Unit (MCU)
Cisco Small Business Switches
Dahua Security Cameras and Video Recorders
Ingeteam INGECON Sun Solar Inverters
Microhard Cellular Modems
Schneider Powerlogic HDPM
Schneider Electric

ACM Power Meters

PowerLogic EGX
Siemens Siprotec5 Ethernet Communication Modules
Walchem WMT Cooling Tower Controllers
Bug Fix Defect ID
OT Security does not update the Last Seen timestamp on assets that the IoT Connector reported as Offline. N/A
OT Security removed a limitation on the number of tags captured during a PLC Code Snapshot from the Rockwell ControlLogix devices. N/A
Reverting to a version earlier than 4.2 no longer fails because of Tenable Core dependencies. N/A
The SNMPv3 credentials now correctly fetch SNMP port state or SNMP-connected neighbors. N/A
Some vulnerability plugins now show the status correctly as active or fixed for a single asset. 482636

For more information about OT Security APIs, see the API documentation.

Copy 
Enum value discontinuedDate was added to enum AggregationsAssetsField
Enum value hardwareState was added to enum AggregationsAssetsField
Enum value lifecycleStatus was added to enum AggregationsAssetsField
Enum value replacementProduct was added to enum AggregationsAssetsField
Enum value discontinuedDate was added to enum AssetField
Enum value hardwareState was added to enum AssetField
Enum value lifecycleStatus was added to enum AssetField
Enum value replacementProduct was added to enum AssetField
Enum value OtAgent was added to enum AssetSourceType
Enum value ReadOtAgents was added to enum Capability
Enum value ReadOverlappingIps was added to enum Capability
Enum value WriteOtAgents was added to enum Capability
Enum value WriteOverlappingIps was added to enum Capability
Enum value EmUpdateRequired was added to enum ErrorCategory
Enum value LicenseInactive was added to enum ErrorCategory
Enum value discontinuedDate was added to enum LinkField
Enum value hardwareState was added to enum LinkField
Enum value lifecycleStatus was added to enum LinkField
Enum value replacementProduct was added to enum LinkField
Enum value id was added to enum LogRecordField
Argument options: AgentAddOptionsParams added to field Mutation.addAgentIotConnector
Argument options: AgentEditOptionsParams added to field Mutation.editAgentIotConnector
Enum value OtAgent was added to enum OpenPortsSource
Enum value discontinuedDate was added to enum PluginsAssetsField
Enum value hardwareState was added to enum PluginsAssetsField
Enum value lifecycleStatus was added to enum PluginsAssetsField
Enum value replacementProduct was added to enum PluginsAssetsField
Argument countTimeout: Int (with default value) added to field Query.origins
Argument filter: OriginExpressionsParams added to field Query.origins
Argument search: String added to field Query.origins
Argument slowCount: Boolean added to field Query.origins
Argument sort: [OriginSortParams!] added to field Query.origins
Enum value BACnet was added to enum RelationshipType
Enum value Gateway was added to enum RelationshipType
Enum value SnmpCrawler was added to enum RelationshipType
 Input field queryNeighbors of type Boolean was added to input object type SnmpOptionsParams
Enum value assetDiscontinuedDate was added to enum findingField
Enum value assetHardwareState was added to enum findingField
Enum value assetLifecycleStatus was added to enum findingField
Enum value assetReplacementProduct was added to enum findingField
Type AgentAddOptionsParams was added
Field hasVmsCredentials was added to object type AgentConnector
Field version was added to object type AgentConnector
Field vmsConnectionStatus was added to object type AgentConnector
Field vmsDbIp was added to object type AgentConnector
Field vmsDbPort was added to object type AgentConnector
Field vmsPassword was added to object type AgentConnector
Field vmsUsername was added to object type AgentConnector
Type AgentEditOptionsParams was added
Type AgentVmsConnectionStatus was added
Field discontinuedDate was added to object type Asset
Field hardwareState was added to object type Asset
Field lifecycleStatus was added to object type Asset
Field replacementProduct was added to object type Asset
Type AssetRelationshipBacnetDetails was added
Type AssetRelationshipGatewayDetails was added
Type AssetRelationshipSnmpCrawlerDetails was added
Field version was added to object type ExacqConnector
Field FlagList.graphQLToggle is deprecated
Field FlagList.graphQLToggle has deprecation reason Deprecated since 4.2, flag not used anymore
Directive deprecated was added to field FlagList.graphQLToggle
Field FlagList.initialized is deprecated
Field FlagList.initialized has deprecation reason Deprecated since 4.2, flag not used anymore
Directive deprecated was added to field FlagList.initialized
Field FlagList.ipChange is deprecated
Field FlagList.ipChange has deprecation reason Deprecated since 4.2, flag not used anymore
Directive deprecated was added to field FlagList.ipChange
Type HardwareState was added
Field version was added to interface IotConnectorInfo
Field discontinuedDate was added to object type LeanAsset
Field hardwareState was added to object type LeanAsset
Field lifecycleStatus was added to object type LeanAsset
Field replacementProduct was added to object type LeanAsset
Field version was added to object type MilestoneConnector
Field version was added to object type MobotixConnector
Field bulkEditSensors was added to object type Mutation
Directive deprecated was added toArgument location of field initSystem in type Mutation
Directive deprecated was added toArgument time of field initSystem in type Mutation
Field reloadAuthProviderAfterChange was added to object type Mutation
Field supportActive was added to object type Origin
Type OriginExpressionsParams was added
Type OriginSelectField was added
Type OriginSortParams was added
Type OriginSortParamsComplexFields was added
Type SensorsBulkAction was added
Field queryNeighbors was added to object type Snmp
Field id was added to object type SystemLog
Field SystemLog.timeStamp is deprecated
Field SystemLog.timeStamp has deprecation reason Use lowercase timestamp instead
Directive deprecated was added to field SystemLog.timeStamp
Field timestamp was added to object type SystemLog

Filenames and MD5 or SHA-256 checksums are posted at OT Security Downloads page.

Tenable OT Security 4.1.45 SP (2025-03-19)

Bug Fix Defect ID
OT Security now ensures that assets are no longer incorrectly classified as Dahua IP Camera. NA
Creating new or duplicate Network Baseline Deviation policy now works as expected. NA
The Executive Report function now generates reports without any issues. NA
During upgrades, OT Security ensures that the current Influx process completes loading before running more Influx setup scripts. NA
OT Security ensures that BACnet assets with missing instance IDs now display them as expected. NA

Tenable OT Security 4.1.38 (2025-02-20)

Overlapping IP Address Support

  • In networks that reuse the same IP address ranges, OT Security prevents unintended asset merging by using sensors to differentiate them.

  • Each instance of a network reusing IP ranges requires a dedicated sensor. For example, three production lines with identical IP configurations would need three separate sensors to ensure asset distinction for each process line.

    For more information, see Duplicated Internal Networks.

IEC Substation Visibility

  • You can now import substation configuration data to enhance the asset inventory, enabling OT Security to deliver critical security insights into substation misconfigurations. For more information, see SCD Files.

Improved Nessus VM Scan Controls

Tenable now introduces the following new configuration options for user-defined Nessus Scans in OT Security. When creating a scan, you can adjust its speed, verbosity, and intensity. For more information, see Nessus Plugin Scans.

  • Thorough Tests

    • When performing a scan, Nessus can run additional in-depth checks on the system. Enabling this option enhances the thoroughness of the scan but also increases its duration.

    • Periodic use of Thorough scans benefits the "AI Aware" functionality in OT Security.

  • Higher Verbosity

    • Some plugins can produce a more data-rich output during a scan. However, you must enable this setting for the plugin to include the additional data in their plugin output.

    • When you select this option, the scan output includes the informational plugins: 56310, 64582, and 58651.

  • Scan Performance

    • Tenable now enables administrators to customize individual Nessus scan performance. These settings include the number of plugins evaluated against a target at the same time, concurrent scan target count, and timeout in seconds.

    • Lowering the max checks and max hosts values can reduce the impact of a scan. However, it can also increase the scan duration.

AI Aware Detections

Tenable's new AI detection features help you monitor your artificial intelligence applications and services. OT Security obtains data from your credentialed scans and then shows them on the Findings or Vulnerabilities workbenches.

Compliance Dashboard: NERC-CIP support

The Compliance dashboard now supports mapping controls within NERC CIP that are detectable with OT Security.

Enterprise Manager — Centralized Updates

Starting with the OT Security EM 4.1 release, system administrators can remotely upgrade their paired ICPs (running version 4.0 or later) to the same version as the EM. For more information, see ICP Updates.

This feature was added in OT Security 4.0 but functional from version 4.1.

Important: For the EM centralized updates to work, the ICP must be able to reach the EM on ports 28305 and 8000 (TCP).

CVSSv3 Scores on Findings — The Findings and Vulnerabilities tables now includes an additional column for CVSSv3.

Inventory "Select All" — The Select All checkbox is reinstated to the Inventory page for easier multiple selection.

Sensor Active Queries— Bulk Configuration —You can now bulk select and enable or disable the sensor active query behavior.

Network Ports Configuration — Configure network ports through the Tenable Core Cockpit interface on port 8000. You can now review and configure the roles of each network interface outside the application. For example: enabling split ports.

Vulnerabilities

Tenable identifies several new vulnerabilities in this release. See the complete list here.

New Tenable OT Security Device Fingerprint Engine (DFE) Coverage

Vendor Product
Moxa MGate 5000 Series
Sprecher Automation RTU
Elspec G5 Digital Fault Recorder
Wiesemann & Theis ComServer
Honeywell Experion C300PM, C300OM
Wago Controllers 750, PFC

For more information about OT Security APIs, see the API documentation.

Copy 
Field ntpChange was removed from object type FlagList
 Field ntpFault was removed from object type FlagList
 Field ntpServersUnreachable was removed from object type FlagList
 Field emSetSystemTime was removed from object type Mutation
 Argument keepNetworkConfig: Boolean! was removed from field Mutation.factoryReset
 Field setSystemTime was removed from object type Mutation
 Input field origins of type [String!] was added to input object type AssetDiscoveryOptionsParams
 Enum value Scd was added to enum AssetSourceType
 Enum value AlreadyExists was added to enum ErrorCategory
 Enum value ContentTooBig was added to enum ErrorCategory
 Enum value FailedToAllocateOverlapping was added to enum ErrorCategory
 Enum value NotContainingAnyAssets was added to enum ErrorCategory
 Enum value OverlappingNetsAlreadyInOrigin was added to enum ErrorCategory
 Enum value Processing was added to enum ErrorCategory
 Member IEC61850SubscribeFailure was added to Union type EventDetails
 Member IEC61850UnauthorizedWrite was added to Union type EventDetails
 Enum value IEC61850 was added to enum ExclusionType
 Enum value IEC61850SubscriptionFailure was added to enum IDSSrcDstEvent
 Enum value IEC61850UnauthorizedWrite was added to enum IDSSrcDstEvent
 Enum value awaitingFirstUse was added to enum IcpSensorField
 Enum value origin was added to enum IcpSensorField
 Argument origins: [String!] added to field Mutation.editNessusUserScan
 Argument settings: NessusUserScanSettingsArgs added to field Mutation.editNessusUserScan
 Argument origin: ID added to field Mutation.editSensor
 Argument origins: [String!] added to field Mutation.newNessusUserScan
 Argument settings: NessusUserScanSettingsArgs added to field Mutation.newNessusUserScan
 Argument origin: String added to field Mutation.testAdHocBasicCredentials
 Argument origin: String added to field Mutation.testAdHocPasswordOnlyCredentials
 Argument origin: String added to field Mutation.testAdHocSnmpV2Credentials
 Argument origin: String added to field Mutation.testAdHocSnmpV3Credentials
 Argument origin: String added to field Mutation.testCredentials
 Enum value cvss3Score was added to enum PluginField
 Enum value cvss3Score was added to enum PluginsAssetsField
 Enum value IEC61850SubscriptionFailure was added to enum PolicyEventType
 Enum value IEC61850UnauthorizedWrite was added to enum PolicyEventType
 Argument origins: [String!] added to field Query.getDiscoveryEstimation
 Argument dbOnly: Boolean added to field Query.nessusUserScan
 Argument dbOnly: Boolean added to field Query.nessusUserScans
 Enum value SensorAwaitingFirstUse was added to enum RemovableFlags
 Enum value pluginCvss3Score was added to enum findingField
Field origins was added to object type AssetDiscovery
Field scdSubscriptionsRecoByIedCsvIsRunning was added to object type FlagList
Field scdSubscriptionsRecoCsvIsRunning was added to object type FlagList
Field sensorAwaitingFirstUse was added to object type FlagList
Type IEC61850Exclusion was added
Type IEC61850SubscribeFailure was added
Type IEC61850UnauthorizedWrite was added
Type IcpUpdateStatus was added
Type IecReportClient was added
Type IecReportClientConnection was added
Type IecReportClientEdge was added
Field bulkEditSensorActive was added to object type Mutation
Field createOrigin was added to object type Mutation
Field deleteOrigin was added to object type Mutation
Field deleteOverlappingNetworks was added to object type Mutation
Field newIEC61850Exclusion was added to object type Mutation
Field scdMisconfigRecommendationByIedCsv was added to object type Mutation
Field scdMisconfigRecommendationCsv was added to object type Mutation
Field scdSubscriptionsRecommendationByIedCsv was added to object type Mutation
Field scdSubscriptionsRecommendationCsv was added to object type Mutation
Field updateOverlappingNetworks was added to object type Mutation
Field updateOverlappingPool was added to object type Mutation
Field origins was added to object type NessusUserScan
Field settings was added to object type NessusUserScan
Type NessusUserScanSettings was added
Type NessusUserScanSettingsArgs was added
Type NetworkUpdateInput was added
Type Origin was added
Type OriginConnection was added
Type OriginEdge was added
Field cvss3Score was added to object type Plugin
Field iecCanUploadScd was added to object type Query
Field iecReportsByAssetId was added to object type Query
Field iecScdsInfo was added to object type Query
Field isAssetIec was added to object type Query
Field origin was added to object type Query
Field origins was added to object type Query
Field overlappingPool was added to object type Query
Field scdRecommendationsCount was added to object type Query
Field scdRecommendationsCountByIed was added to object type Query
Field itemsCount was added to object type RuleGroup
Type ScdInfo was added
Type ScdInfoConnection was added
Type ScdInfoEdge was added
Type ScdRecommendations was added
Type SensorActiveAction was added
Field origin was added to object type SensorDetails
Field updateStatus was added to object type Update
Type thoroughTestsType was added
Type verbosityType was added

Filenames and MD5 or SHA-256 checksums are posted at OT Security Downloads page.