Versions (4)
Version DetailsCurrent
Rev: 5 • Jul 20, 2023, 12:00 PMET DELETED [Rockwell/CISA] ENIP CIP Socket Object unconnected readwith unusual length detected
alert tcp any any -> any 44818 (msg:"ET DELETED [Rockwell/CISA] ENIP CIP Socket Object unconnected readwith unusual length detected"; flow:established,to_server; content:"|42 03|"; fast_pattern; content:"|6F 00|"; depth:2; content:"|B2 00|"; offset:30; depth:90; content:"|4D|"; within:1; distance:2; byte_jump:1,0,relative,multiplier 2; byte_test:4,>,0x7FFFFFFF,4,relative,little; content:"|B2 00|"; offset:30; depth:90; content:"|4D|"; within:1; distance:2; byte_extract:1,0,toss,relative,multiplier 2; content:"|42 03|"; within:toss; reference:cve,2023-3595; reference:cve,2023-3596; classtype:attempted-admin; sid:2046878; rev:5; metadata:created_at 2023_07_20, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_24;)
Jul 20, 2023, 12:00 PM
Apr 24, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 22, 2025, 9:34 PM
rules/emerging-deleted.rules