The invention relates to an industrial control vulnerability mining method based on protocol state diagram depth traversal. The method comprises the steps of (1) obtaining the network data packets of a target device, and preprocessing the network data packets to obtain a data packet set to be analyzed, (2) carrying out partitioning processing on the data packets in the data packet set to be analyzed to obtain a large number of protocol base blocks, (3) extracting a constraint association relation between protocol base blocks in a single data packet and a state transfer association relation between the data packets, and constructing a protocol state diagram on the above basis, (4) traversing the protocol state diagram according to a depth-first mode, and generating and sending a corresponding malformed data packet, and (5) detecting whether the target device is alive, compiling a POC script according to the malformed data packet to carry out vulnerability verification if the target device is failed, and thus finding a security vulnerability in the target device. According to the method, security vulnerabilitys in Internet of things and industrial control system devices can be effectively found, and a problem of poor effectiveness of a traditional vulnerability mining method is solved.