The success of an attack on a computer system depends on at least one vulnerability being exploited; it can be technical, human or organizational. Very often, vulnerability analysis of an industrial control system (ICS) is limited to a technical aspect. This chapter presents a generic approach to analyze the vulnerabilities of an ICS. These systems offer a number of potential entry points, which define the attack surface, and which are useful to know in order to implement the appropriate measures. The generic attack surface of an ICS is shown in the chapter. It shows intrusion points, targets and measurements. Before presenting the most exhaustive list of ICS's vulnerabilities, the chapter presents the vulnerabilities that are most often identified during the analyses. Finally, the chapter presents the vulnerabilities of conventional industrial systems and Industrial Internet of Things systems and methodological or technical tools to analyze the vulnerability of an ICS system.