ET DELETED [Rockwell/CISA] ENIP CIP Socket Object unconnected readwith unusual length detected

SID: 2046878Rev: 50 viewsHistory

Sourceet/open

CreatedJuly 20, 2023

UpdatedApril 24, 2024

Classificationattempted-admin

alert tcp any any -> any 44818 (msg:"ET DELETED [Rockwell/CISA] ENIP CIP Socket Object unconnected readwith unusual length detected"; flow:established,to_server; content:"|42 03|"; fast_pattern; content:"|6F 00|"; depth:2; content:"|B2 00|"; offset:30; depth:90; content:"|4D|"; within:1; distance:2; byte_jump:1,0,relative,multiplier 2; byte_test:4,>,0x7FFFFFFF,4,relative,little; content:"|B2 00|"; offset:30; depth:90; content:"|4D|"; within:1; distance:2; byte_extract:1,0,toss,relative,multiplier 2; content:"|42 03|"; within:toss; reference:cve,2023-3595; reference:cve,2023-3596; classtype:attempted-admin; sid:2046878; rev:5; metadata:created_at 2023_07_20, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_24;)

References

cve	2023-3595
cve	2023-3596

Metadata

created at2023_07_20

signature severityUnknown

tagDescription_Generated_By_Proofpoint_Nexus

updated at2024_04_24

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!