Can I use this on live production systems?

Testing on active production systems is not recommended without a scheduled maintenance window and a verified rollback plan, as active scanning can impact sensitive OT processes.

Does it support vendor-specific SCADA software?

Yes, it includes specialized assessment parameters for common systems like Siemens WinCC and Ignition SCADA, though the core framework is applicable across most HMI vendors.

What specific HMI vulnerabilities does it check for?

It checks for weak authentication, default credentials, insecure HMI-to-PLC communication protocols, web vulnerabilities like XSS and CSRF, and specific CVEs such as CVE-2025-0921.

What standards does this skill align with?

This skill is specifically aligned with IEC 62443 and NIST SP 800-82 guidelines, which are the industry standards for industrial automation and control systems security.

SCADA HMI Security Assessment

Name: SCADA HMI Security Assessment
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Performs comprehensive security audits of Industrial Control System (ICS) Human-Machine Interfaces against IEC 62443 and NIST SP 800-82 standards.

This skill enables Claude to conduct structured security evaluations of SCADA HMI systems, focusing on critical Operational Technology (OT) vulnerabilities. It automates the assessment of authentication mechanisms, role-based access controls, HMI-to-PLC communication encryption, and web-based interface security. By providing domain-specific checks for common industrial software like Siemens WinCC and Ignition SCADA, it helps security professionals identify risks such as unauthorized setpoint changes, alarm suppression, and insecure remote access, ensuring compliance with global industrial cybersecurity frameworks.

主要功能

01Web HMI vulnerability scanning for XSS, CSRF, and privileged file access

02Authentication auditing against ISA-62443-3-3 security requirements

034,121 GitHub stars

04Compliance reporting with IEC 62443 Security Level (SL) mapping

05Communication analysis for HMI-to-PLC protocols and TLS encryption

06System hardening verification including OS patching and service management

使用场景

01Preparing for IEC 62443 or NERC CIP compliance assessments

02Evaluating the security posture of web-based SCADA interfaces

03Auditing HMI communication integrity during maintenance windows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-scada-hmi-security-assessment

For use in Claude.ai and ChatGPT

主要功能

01Web HMI vulnerability scanning for XSS, CSRF, and privileged file access

02Authentication auditing against ISA-62443-3-3 security requirements

034,121 GitHub stars

04Compliance reporting with IEC 62443 Security Level (SL) mapping

05Communication analysis for HMI-to-PLC protocols and TLS encryption

06System hardening verification including OS patching and service management

使用场景

01Preparing for IEC 62443 or NERC CIP compliance assessments

02Evaluating the security posture of web-based SCADA interfaces

03Auditing HMI communication integrity during maintenance windows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-scada-hmi-security-assessment

For use in Claude.ai and ChatGPT