Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.

Alert Message

SERVER-WEBAPP Rockwell FactoryTalk View SE remote code execution attempt

Rule Explanation

This rule looks for a large number of page requests for ASP files sent to the Rockwell FactoryTalk server in a short period of time, in an attempt to win a race condition and trigger an attacker's uploaded ASP file.

What To Look For

This rule looks for a large number of page requests for ASP files sent to the Rockwell FactoryTalk server in a short period of time, in an attempt to win a race condition and trigger an attacker's uploaded ASP file.
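A log-side counterpart to the rate check described above, for reviewing web server logs after the rule fires. This is an added example, not the Talos rule or any Cisco or Rockwell code. The 2-second window, the 20-request limit, the simplified log layout, and the sample addresses and paths are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; the page does not state the rule's values.
WINDOW = timedelta(seconds=2)
MAX_ASP_REQUESTS = 20

def parse_line(line):
    """Parse a simplified W3C-style line: date time c-ip method uri-stem status."""
    date, time, src, method, uri, _status = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S.%f")
    return ts, src, method, uri.split("?", 1)[0].lower()

def detect_asp_bursts(lines, window=WINDOW, limit=MAX_ASP_REQUESTS):
    """Return {source_ip: timestamp at which the limit was first exceeded}."""
    recent = defaultdict(deque)  # per-source timestamps of .asp requests in window
    alerts = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and W3C header directives
        ts, src, _method, path = parse_line(line)
        if not path.endswith(".asp"):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop requests that fell out of the sliding window
        if len(q) > limit and src not in alerts:
            alerts[src] = ts
    return alerts

def build_sample_log():
    """Constructed sample: one client bursts .asp requests, another browses normally."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = ["#Fields: date time c-ip cs-method cs-uri-stem sc-status"]
    for i in range(40):  # 40 requests in about 1.2 s from one source
        ts = base + timedelta(milliseconds=30 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S.%f} 192.0.2.10 GET /app/page{i % 3}.asp 404")
    for i in range(5):  # 5 requests spread over 40 s from another source
        ts = base + timedelta(seconds=10 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S.%f} 198.51.100.7 GET /app/default.asp 200")
    return lines

if __name__ == "__main__":
    for src, ts in detect_asp_bursts(build_sample_log()).items():
        print(f"burst of .asp requests from {src} at {ts}")
```

Tune the window and limit against normal client behaviour for the server before relying on the output.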

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Execution

Technique: AppleScript

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Rule Vulnerability

Escalation of Privilege

An Escalation of Privilege (EOP) attack is any attack method that results in a user or application gaining permissions to access resources they normally would not have access to.

CVE Additional Information