

The integration of information and network technology into industries has led to the widespread use of software. Unfortunately, these software designs may contain defects and vulnerabilities that pose risks that could endanger safety. To ensure safety, it is essential to assess and analyze software vulnerabilities and implement adequate security measures. However, existing vulnerability assessment models cannot measure the severity of industrial software vulnerabilities, which poses a significant challenge. To overcome this issue, a vulnerability threat assessment model for industrial software is proposed based on the Common Vulnerability Scoring System (CVSS 3.1). The proposed model is tailored to the specific characteristics of industrial software scenarios. It introduces three new indicator factors: device security, information security, and life safety, which were inferred using a Bayesian network model. These factors are adjusted according to the lifecycle of industrial software vulnerabilities. The proposed model accurately scores vulnerabilities in industrial software examples and provides a basis for effective vulnerability repair and reinforcement in the industrial software field.