List OT Vulnerabilities
Use this API function to retrieve a list of the vulnerabilities detected on assets in your network. The response contains a list of all the assets with details like name, hardware version, category, vendor name, asset Id, asset module, IP address and so on. If the total count exceeds the number of results returned, you can fetch the next page by calling the API again with the next page number.
API Version History
The following table provides the information about the different versions of this API along with the status:
| API Version | Endpoints | Status | EOS Timeline | EOL Timeline |
|---|---|---|---|---|
| 1.0 | /ot/1.0/detection/list | Active | N/A | N/A |
| v1 | /ot/v1/detection/list | End-of-support (EOS) | July 2025 - December 2025 | January 2026 |
For more information on API versioning, refer to API Versioning.
1.0 API
Input ParametersInput Parameters
|
Parameter |
Mandatory/ Optional |
Data Type |
Description |
|---|---|---|---|
|
filter |
Optional |
String |
Filter the events list by providing a query using Qualys syntax. Refer to the How to Search topic in the online help for assistance with creating your query. For example - vulnerabilities.qid:"590191" Refer to the list of tokens you can use to build the query: |
|
pageNumber |
Optional |
Integer |
The page to be returned. Starts from zero. |
|
pageSize |
Optional |
Integer |
Provide the number of records per page to be included in the response. Default: 50 Maximum: 100 For example, the total result set is 50 assets. If the page size is specified as 10, then the result is divided in 5 pages with 10 assets each. |
|
sort |
Optional |
String |
Sort the results using a Qualys Search token. By default, the result is sorted by [{"vulnerabilities.lastDetected":"desc"}] |
|
Authorization |
Mandatory |
String |
Authorization token to authenticate to the Qualys Cloud Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken |
If you use a REST client such as Postman, use encodeURIComponent for encoding input parameters.
Sample 1: Vulnerabilities last detectedSample 1: Vulnerabilities last detected
The following sample requests a list of last detected vulnerabilities. The request fetches the vulnerability posture of the assets in your industrial network. The response has QID, vulnerability title, severity level (1-5) determined by the security risk associated with its exploitation, when the vulnerability was last detected on the asset, when the vulnerability was first detected on the asset and so on.
API Request
curl -X GET
"<qualys_base_url>/ot/1.0/detection/list?sort=%5B%7B%22vulnerabilities.lastDetected%22%3A%22asc%22%7D%5D"
--header "Authorization: Bearer <JWT Token>"
Response Headers
transfer-encoding: chunked
X-RateLimit-Remaining: 284
X-RateLimit-Window-Sec: 3600
X-RateLimit-Limit: 300
count: 10
vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/json
Date: Mon, 09 Jan 2023 06:06:26 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
The count header shows the total number of records available in the response.
Response
{
"vulnerabilities": [
{
"qid": 590250,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens S7-400 CPUs (Update A) Multiple Vulnerabilities(ICSA-18-317-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2018-16556",
"CVE-2018-16557"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Potential"
},
{
"qid": 590362,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens Industrial Real-Time (IRT) Devices (Update E) Vulnerability(ICSA-19-283-01)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2019-10923"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590401,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens Industrial Products (Update Q) DoS Vulnerability(ICSA-17-339-01)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2017-12741"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590247,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update D) Vulnerability(ICSA-18-079-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2018-4843"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "MEDIUM",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590246,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs (Update B) Multiple Vulnerabilities(ICSA-16-327-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2016-8672",
"CVE-2016-8673"
],
"status": "NEW",
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590400,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens PROFINET Devices (Update I) DoS Vulnerability(ICSA-19-283-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2019-10936"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590204,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens SIMATIC S7-300 and S7-400 CPUs (Update C) Vulnerability(ICSA-20-252-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2020-15791"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit"
],
"criticality": "MEDIUM",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590462,
"assetUuid": "f7e1bb4e-4d8d-33ce-9f21-81425e65fd42",
"assetId": 3657807,
"assetModuleId": 116907,
"title": "Omron PLC CJ Series DoS Vulnerability (ICSA-20-063-03)",
"severity": 3,
"lastDetected": "2022-12-26T05:15:31.204Z",
"firstDetected": "2022-12-26T05:15:31.204Z",
"patchable": true,
"cveIds": [
"CVE-2020-6986"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590464,
"assetUuid": "f7e1bb4e-4d8d-33ce-9f21-81425e65fd42",
"assetId": 3657807,
"assetModuleId": 116907,
"title": "Omron PLC CJ, CS and NJ Series Vulnerability (ICSA-19-346-03)",
"severity": 3,
"lastDetected": "2022-12-26T05:15:31.204Z",
"firstDetected": "2022-12-26T05:15:31.204Z",
"patchable": true,
"cveIds": [
"CVE-2019-18261"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Wormable",
"Unauthenticated Exploitation",
"Remote Code Execution"
],
"criticality": "CRITICAL",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590463,
"assetUuid": "f7e1bb4e-4d8d-33ce-9f21-81425e65fd42",
"assetId": 3657807,
"assetModuleId": 116907,
"title": "Omron PLC CJ and CS Series Multiple Vulnerabilities (ICSA-19-346-02)",
"severity": 3,
"lastDetected": "2022-12-26T05:15:31.204Z",
"firstDetected": "2022-12-26T05:15:31.204Z",
"patchable": true,
"cveIds": [
"CVE-2019-18269",
"CVE-2019-18259",
"CVE-2019-13533"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Wormable",
"Privilege Escalation",
"Unauthenticated Exploitation",
"Remote Code Execution"
],
"criticality": "CRITICAL",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
}
]
}The following sample requests a list of vulnerabilities based on QID. The request fetches the vulnerability posture of the assets in your industrial network. The response has QID, vulnerability title, severity level (1-5) determined by the security risk associated with its exploitation, when the vulnerability was last detected on the asset, when the vulnerability was first detected on the asset and so on.
API Request
curl -X GET
"<qualys_base_url>/ot/1.0/detection/list?filter=qid:590191"
--header "Authorization: Bearer <JWT Token>"
Response Headers
transfer-encoding: chunked
X-RateLimit-Remaining: 284
X-RateLimit-Window-Sec: 3600
X-RateLimit-Limit: 300
count: 4
vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/json
Date: Mon, 09 Jan 2023 06:06:26 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
The count header shows the total number of records available in the response.
Response
{
"vulnerabilities": [
{
"qid": 590191,
"assetUuid": "87a86c74-d8b2-3235-8b8a-1dba2087c06e",
"assetId": 3656453,
"assetModuleId": 116465,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T05:13:14.112Z",
"firstDetected": "2022-12-24T05:09:55.178Z",
"rack": 1,
"slot": 1,
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590191,
"assetUuid": "5213ae3c-c22f-3ee0-812b-eeda68f98882",
"assetId": 3538308,
"assetModuleId": 108707,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T05:13:03.832Z",
"firstDetected": "2022-08-08T06:01:11.346Z",
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590191,
"assetUuid": "6fe88480-6f21-3b63-9d06-0033aa80f9ac",
"assetId": 3538295,
"assetModuleId": 108709,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T04:12:49.413Z",
"firstDetected": "2022-08-08T06:01:34.153Z",
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590191,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-08-08T06:01:11.669Z",
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
}
]
}The following sample requests a list of vulnerabilities detected on assets using the filter as asset UUID. The request fetches the vulnerability posture of the asset defined by UUID in your industrial network. The response has QID, vulnerability title, severity level (1-5) determined by the security risk associated with its exploitation, when the vulnerability was last detected on the asset, when the vulnerability was first detected on the asset and so on.
API Request
curl -X GET
"<qualys_base_url>/ot/1.0/detection/list?filter=vulnerabilities.assetUuid:96efbc4c-2ed4-3d12-ad85-a60f87e91bcd"
--header "Authorization: Bearer <JWT Token>"
Response Headers
transfer-encoding: chunked
X-RateLimit-Remaining: 284
X-RateLimit-Window-Sec: 3600
X-RateLimit-Limit: 300
count: 5
vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/json
Date: Mon, 09 Jan 2023 06:06:26 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
The count header shows the total number of records available in the response.
Response
{
"vulnerabilities": [
{
"qid": 591207,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC Industrial Products Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-041-01, SSA-838121)",
"severity": 4,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-12-24T03:09:49.867Z",
"patchable": true,
"cveIds": [
"CVE-2021-37185",
"CVE-2021-37204",
"CVE-2021-37205"
],
"status": "ACTIVE",
"threatIntel": [
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590191,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-08-08T06:01:11.669Z",
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 591127,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC S7-1200 and S7-1500 CPU Families Weak Key Protection Vulnerability (SSA-568427,icsa-22-286-04)",
"severity": 4,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-11-11T09:17:36.311Z",
"patchable": true,
"cveIds": [
"CVE-2022-38465"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590241,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC S7-1500 (Update A) Vulnerability(ICSA-20-042-11)",
"severity": 3,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-08-08T06:01:11.669Z",
"patchable": true,
"cveIds": [
"CVE-2019-19281"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590210,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A) Multiple Vulnerabilities(ICSA-19-344-06)",
"severity": 3,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-08-08T06:01:11.669Z",
"patchable": true,
"cveIds": [
"CVE-2019-10943",
"CVE-2019-10929"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
}
]
}v1 API
Input ParametersInput Parameters
|
Parameter |
Mandatory/ Optional |
Data Type |
Description |
|---|---|---|---|
|
filter |
Optional |
String |
Filter the events list by providing a query using Qualys syntax. Refer to the How to Search topic in the online help for assistance with creating your query. For example - vulnerabilities.qid:"590191" Refer to the list of tokens you can use to build the query: |
|
pageNumber |
Optional |
Integer |
The page to be returned. Starts from zero. |
|
pageSize |
Optional |
Integer |
Provide the number of records per page to be included in the response. Default: 50 Maximum: 100 For example, the total result set is 50 assets. If the page size is specified as 10, then the result is divided in 5 pages with 10 assets each. |
|
sort |
Optional |
String |
Sort the results using a Qualys Search token. By default, the result is sorted by [{"vulnerabilities.lastDetected":"desc"}] |
|
Authorization |
Mandatory |
String |
Authorization token to authenticate to the Qualys Cloud Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken |
If you use a REST client such as Postman, use encodeURIComponent for encoding input parameters.
Sample 1: Vulnerabilities last detectedSample 1: Vulnerabilities last detected
The following sample requests a list of last detected vulnerabilities. The request fetches the vulnerability posture of the assets in your industrial network. The response has QID, vulnerability title, severity level (1-5) determined by the security risk associated with its exploitation, when the vulnerability was last detected on the asset, when the vulnerability was first detected on the asset and so on.
API Request
curl -X GET
"<qualys_base_url>/ot/v1/detection/list?sort=%5B%7B%22vulnerabilities.lastDetected%22%3A%22asc%22%7D%5D"
--header "Authorization: Bearer <JWT Token>"
Response Headers
transfer-encoding: chunked
X-RateLimit-Remaining: 284
X-RateLimit-Window-Sec: 3600
X-RateLimit-Limit: 300
count: 10
vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/json
Date: Mon, 09 Jan 2023 06:06:26 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
The count header shows the total number of records available in the response.
Response
{
"vulnerabilities": [
{
"qid": 590250,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens S7-400 CPUs (Update A) Multiple Vulnerabilities(ICSA-18-317-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2018-16556",
"CVE-2018-16557"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Potential"
},
{
"qid": 590362,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens Industrial Real-Time (IRT) Devices (Update E) Vulnerability(ICSA-19-283-01)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2019-10923"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590401,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens Industrial Products (Update Q) DoS Vulnerability(ICSA-17-339-01)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2017-12741"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590247,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update D) Vulnerability(ICSA-18-079-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2018-4843"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "MEDIUM",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590246,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs (Update B) Multiple Vulnerabilities(ICSA-16-327-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2016-8672",
"CVE-2016-8673"
],
"status": "NEW",
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590400,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens PROFINET Devices (Update I) DoS Vulnerability(ICSA-19-283-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2019-10936"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590204,
"assetUuid": "8586a02e-ee7b-3f9e-bd49-805f15781373",
"assetId": 3658029,
"assetModuleId": 116944,
"title": "Siemens SIMATIC S7-300 and S7-400 CPUs (Update C) Vulnerability(ICSA-20-252-02)",
"severity": 3,
"lastDetected": "2022-12-26T06:05:24.822Z",
"firstDetected": "2022-12-26T06:05:24.822Z",
"patchable": true,
"cveIds": [
"CVE-2020-15791"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit"
],
"criticality": "MEDIUM",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590462,
"assetUuid": "f7e1bb4e-4d8d-33ce-9f21-81425e65fd42",
"assetId": 3657807,
"assetModuleId": 116907,
"title": "Omron PLC CJ Series DoS Vulnerability (ICSA-20-063-03)",
"severity": 3,
"lastDetected": "2022-12-26T05:15:31.204Z",
"firstDetected": "2022-12-26T05:15:31.204Z",
"patchable": true,
"cveIds": [
"CVE-2020-6986"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590464,
"assetUuid": "f7e1bb4e-4d8d-33ce-9f21-81425e65fd42",
"assetId": 3657807,
"assetModuleId": 116907,
"title": "Omron PLC CJ, CS and NJ Series Vulnerability (ICSA-19-346-03)",
"severity": 3,
"lastDetected": "2022-12-26T05:15:31.204Z",
"firstDetected": "2022-12-26T05:15:31.204Z",
"patchable": true,
"cveIds": [
"CVE-2019-18261"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Wormable",
"Unauthenticated Exploitation",
"Remote Code Execution"
],
"criticality": "CRITICAL",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590463,
"assetUuid": "f7e1bb4e-4d8d-33ce-9f21-81425e65fd42",
"assetId": 3657807,
"assetModuleId": 116907,
"title": "Omron PLC CJ and CS Series Multiple Vulnerabilities (ICSA-19-346-02)",
"severity": 3,
"lastDetected": "2022-12-26T05:15:31.204Z",
"firstDetected": "2022-12-26T05:15:31.204Z",
"patchable": true,
"cveIds": [
"CVE-2019-18269",
"CVE-2019-18259",
"CVE-2019-13533"
],
"status": "NEW",
"threatIntel": [
"Easy Exploit",
"Wormable",
"Privilege Escalation",
"Unauthenticated Exploitation",
"Remote Code Execution"
],
"criticality": "CRITICAL",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
}
]
}The following sample requests a list of vulnerabilities based on QID. The request fetches the vulnerability posture of the assets in your industrial network. The response has QID, vulnerability title, severity level (1-5) determined by the security risk associated with its exploitation, when the vulnerability was last detected on the asset, when the vulnerability was first detected on the asset and so on.
API Request
curl -X GET
"<qualys_base_url>/ot/v1/detection/list?filter=qid:590191"
--header "Authorization: Bearer <JWT Token>"
Response Headers
transfer-encoding: chunked
X-RateLimit-Remaining: 284
X-RateLimit-Window-Sec: 3600
X-RateLimit-Limit: 300
count: 4
vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/json
Date: Mon, 09 Jan 2023 06:06:26 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
The count header shows the total number of records available in the response.
Response
{
"vulnerabilities": [
{
"qid": 590191,
"assetUuid": "87a86c74-d8b2-3235-8b8a-1dba2087c06e",
"assetId": 3656453,
"assetModuleId": 116465,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T05:13:14.112Z",
"firstDetected": "2022-12-24T05:09:55.178Z",
"rack": 1,
"slot": 1,
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590191,
"assetUuid": "5213ae3c-c22f-3ee0-812b-eeda68f98882",
"assetId": 3538308,
"assetModuleId": 108707,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T05:13:03.832Z",
"firstDetected": "2022-08-08T06:01:11.346Z",
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590191,
"assetUuid": "6fe88480-6f21-3b63-9d06-0033aa80f9ac",
"assetId": 3538295,
"assetModuleId": 108709,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T04:12:49.413Z",
"firstDetected": "2022-08-08T06:01:34.153Z",
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590191,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-08-08T06:01:11.669Z",
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
}
]
}The following sample requests a list of vulnerabilities detected on assets using the filter as asset UUID. The request fetches the vulnerability posture of the asset defined by UUID in your industrial network. The response has QID, vulnerability title, severity level (1-5) determined by the security risk associated with its exploitation, when the vulnerability was last detected on the asset, when the vulnerability was first detected on the asset and so on.
API Request
curl -X GET
"<qualys_base_url>/ot/v1/detection/list?filter=vulnerabilities.assetUuid:96efbc4c-2ed4-3d12-ad85-a60f87e91bcd"
--header "Authorization: Bearer <JWT Token>"
Response Headers
transfer-encoding: chunked
X-RateLimit-Remaining: 284
X-RateLimit-Window-Sec: 3600
X-RateLimit-Limit: 300
count: 5
vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/json
Date: Mon, 09 Jan 2023 06:06:26 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
The count header shows the total number of records available in the response.
Response
{
"vulnerabilities": [
{
"qid": 591207,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC Industrial Products Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-041-01, SSA-838121)",
"severity": 4,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-12-24T03:09:49.867Z",
"patchable": true,
"cveIds": [
"CVE-2021-37185",
"CVE-2021-37204",
"CVE-2021-37205"
],
"status": "ACTIVE",
"threatIntel": [
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590191,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) Vulnerability(ICSA-19-099-06)",
"severity": 4,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-08-08T06:01:11.669Z",
"patchable": true,
"cveIds": [
"CVE-2019-6568"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 591127,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC S7-1200 and S7-1500 CPU Families Weak Key Protection Vulnerability (SSA-568427,icsa-22-286-04)",
"severity": 4,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-11-11T09:17:36.311Z",
"patchable": true,
"cveIds": [
"CVE-2022-38465"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590241,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC S7-1500 (Update A) Vulnerability(ICSA-20-042-11)",
"severity": 3,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-08-08T06:01:11.669Z",
"patchable": true,
"cveIds": [
"CVE-2019-19281"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit",
"Denial of Service"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
},
{
"qid": 590210,
"assetUuid": "96efbc4c-2ed4-3d12-ad85-a60f87e91bcd",
"assetId": 3538314,
"assetModuleId": 108708,
"title": "Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A) Multiple Vulnerabilities(ICSA-19-344-06)",
"severity": 3,
"lastDetected": "2022-12-26T03:12:30.459Z",
"firstDetected": "2022-08-08T06:01:11.669Z",
"patchable": true,
"cveIds": [
"CVE-2019-10943",
"CVE-2019-10929"
],
"status": "ACTIVE",
"threatIntel": [
"Easy Exploit"
],
"criticality": "HIGH",
"vulnCategory": "ICS",
"typeDetected": "Confirmed"
}
]
}