Tenable OT Security 2025 Release Notes

Tip: You can subscribe to receive alerts for Tenable documentation updates.

(Early Access) Tenable OT Security 4.1.34 (2025-02-06)

Overlapping IP Address Support

  • In networks that reuse the same IP address ranges, OT Security prevents unintended asset merging by using sensors to differentiate them.

  • Each instance of a network reusing IP ranges requires a dedicated sensor. For example, three production lines with identical IP configurations would need three separate sensors to ensure asset distinction for each process line.

    For more information, see Duplicated Internal Networks.

IEC Substation Visibility

  • You can now import substation configuration data to enhance the asset inventory, enabling OT Security to deliver critical security insights into substation misconfigurations. For more information, see SCD Files.

Improved Nessus VM Scan Controls

Tenable now introduces the following new configuration options for user-defined Nessus Scans in OT Security. When creating a scan, you can adjust its speed, verbosity, and intensity. For more information, see Nessus Plugin Scans.

  • Thorough Tests

    • When performing a scan, Nessus can run additional in-depth checks on the system. Enabling this option enhances the thoroughness of the scan but also increases its duration.

    • Periodic use of Thorough scans benefits the "AI Aware" functionality in OT Security.

  • Higher Verbosity

    • Some plugins can produce a more data-rich output during a scan. However, you must enable this setting for the plugin to include the additional data in their plugin output.

    • When you select this option, the scan output includes the informational plugins: 56310, 64582, and 58651.

  • Scan Performance

    • Tenable now enables administrators to customize individual Nessus scan performance. These settings include the number of plugins evaluated against a target at the same time, concurrent scan target count, and timeout in seconds.

    • Lowering the max checks and max hosts values can reduce the impact of a scan. However, it can also increase the scan duration.

AI Aware Detections

Tenable's new AI detection features help you monitor your artificial intelligence applications and services. OT Security obtains data from your credentialed scans and then shows them on the Findings or Vulnerabilities workbenches.

Compliance Dashboard: NERC-CIP support

The Compliance dashboard now supports mapping controls within NERC CIP that are detectable with OT Security.

Enterprise Manager — Centralized Updates

Starting with the OT Security EM 4.1 release, system administrators can remotely upgrade their paired ICPs (running version 4.0 or later) to the same version as the EM. For more information, see ICP Updates.

Note: This feature was added in OT Security 4.0 but functional from version 4.1.

CVSSv3 Scores on Findings — The Findings and Vulnerabilities tables now includes an additional column for CVSSv3.

Inventory "Select All" — The Select All checkbox is reinstated to the Inventory page for easier multiple selection.

Sensor Active Queries— Bulk Configuration —You can now bulk select and enable or disable the sensor active query behavior.

Network Ports Configuration — Configure network ports through the Tenable Core Cockpit interface on port 8000. You can now review and configure the roles of each network interface outside the application. For example: enabling split ports.

Vulnerabilities

Tenable identifies several new vulnerabilities in this release. See the complete list here.

New Tenable OT Security Device Fingerprint Engine (DFE) Coverage

Vendor Product
Moxa MGate 5000 Series
Sprecher Automation RTU
Elspec G5 Digital Fault Recorder
Wiesemann & Theis ComServer
Honeywell Experion C300PM, C300OM
Wago Controllers 750, PFC

Filenames and MD5 or SHA-256 checksums are posted at OT Security Downloads page.