This study addresses escalating security threats to Industrial Internet of Things (IIoT) devices. To systematically characterize risks, we identify and classify representative IIoT devices and their operational contexts, establishing a novel three-dimensional taxonomy linking vulnerabilities, attack chains, and system impacts tailored to industrial environments. Leveraging real-world attack incidents, we conduct rigorous attribution analysis to uncover critical attack surfaces and propagation pathways. Building on these insights, we propose a lightweight machine learning–based anomaly detection method that fuses heterogeneous multi-source features, enabling dynamic threat perception and real-time response on resource-constrained edge devices. Experimental evaluation demonstrates 96.8% detection accuracy for both known and zero-day attacks while maintaining a low false positive rate (<2.3%), significantly enhancing industrial system resilience. Key contributions include: (1) the first comprehensive vulnerability classification framework for IIoT; (2) a systematic attack attribution analysis methodology; and (3) a deployable, edge-optimized ML detection model.

The main objective of this technical report is to conduct a comprehensive study on devices operating within Industrial Internet of Things (IIoT) environments, describing the scenarios that define this category and analysing the vulnerabilities that compromise their security. To this end, the report seeks to identify and examine the main classes of IIoT devices, detailing their characteristics, functionalities, and roles within industrial systems. This analysis enables a better understanding of how these devices interact and fulfil the requirements of critical industrial environments. The report also explores the specific contexts in which these devices operate, highlighting the distinctive features of industrial scenarios and the conditions under which the devices function. Furthermore, it analyses the vulnerabilities affecting IIoT devices, outlining their vectors, targets, impact, and consequences. The report then describes the typical phases of an attack, along with a selection of real-world documented incidents. These cases are classified according to the taxonomy presented in Section 3, providing a comprehensive view of the potential threats to security and assessing the impact these vulnerabilities may have on industrial environments. Finally, the report presents a compilation of some of the most recent and effective security countermeasures as potential solutions to the security challenges faced by industrial systems. Special emphasis is placed on the role of Machine Learning in the development of these approaches, underscoring its importance in enhancing industrial cybersecurity.