The invention discloses a vulnerability scanning method, device and system, and an industrial control system. The method comprises steps of converting a scanning request sent by a vulnerability scanning server into a protocol adopted by industrial control equipment; sending the converted scanning request to the industrial control equipment; converting a scanning result fed back by the industrial control equipment into an Ethernet protocol; and carrying out vulnerability scanning by the vulnerability scanning server for the converted scanning result. The invention solves the problem that the related technology cannot support vulnerability scanning in the industrial control system of the non-conventional network port.