Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Rockwell FactoryTalk View SE remote project backup download attempt

Rule Explanation

This rule looks for an HTTP request that invokes the BackupHMI function on a FactoryTalk View SE server. BackupHMI produces a downloadable backup of the HMI project, so a request for it from an unexpected client may indicate that an attacker is pulling the project off the server, which could be an indication of compromise.

What To Look For

An alert means a client sent an HTTP request carrying the BackupHMI function to a FactoryTalk View SE server. Check whether the source address is an engineering or administrative workstation that is expected to take project backups; a request from any other host should be treated as a potential compromise and the server's session and access logs reviewed around the time of the alert.
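The following is an added example, not part of the Talos rule page and not the Snort rule itself, showing the kind of match this rule describes run over constructed HTTP requests. The URI paths, hostnames and parameter names in the samples are assumptions for illustration; the page only states that the request carries the BackupHMI function. The detector percent-decodes and case-folds the request target and body before matching, which is the normalization Snort's HTTP inspector performs before content matching, so that encoded or mixed-case spellings of BackupHMI are not missed.

```python
from urllib.parse import unquote, urlsplit

# Constructed sample requests (not real captures). Paths and parameter
# names are assumed for illustration only.
SAMPLE_REQUESTS = [
    # plain invocation in the query string
    "GET /rsviewse/backup?func=BackupHMI&project=Line1 HTTP/1.1\r\n"
    "Host: ftview-se.plant.local\r\n\r\n",
    # same request with the function name percent-encoded
    "GET /rsviewse/backup?func=%42ackup%48MI&project=Line1 HTTP/1.1\r\n"
    "Host: ftview-se.plant.local\r\n\r\n",
    # lower-case spelling carried in a POST body instead of the URI
    "POST /rsviewse/api HTTP/1.1\r\n"
    "Host: ftview-se.plant.local\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "function=backuphmi&project=Line1",
    # benign request that must not alert
    "GET /rsviewse/status HTTP/1.1\r\n"
    "Host: ftview-se.plant.local\r\n\r\n",
]


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def normalize(text):
    """Percent-decode until stable (defeats double encoding), then fold case."""
    previous = None
    while previous != text:
        previous, text = text, unquote(text)
    return text.lower()


def match_backuphmi(raw):
    """True when the request target or body invokes BackupHMI."""
    _method, target, _headers, body = parse_request(raw)
    haystack = normalize(target) + "\n" + normalize(body)
    return "backuphmi" in haystack


def scan(requests):
    """Return (index, method, host, path) for every request that matches."""
    alerts = []
    for index, raw in enumerate(requests):
        if match_backuphmi(raw):
            method, target, headers, _body = parse_request(raw)
            alerts.append((index, method, headers.get("host", ""),
                           urlsplit(target).path))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_REQUESTS):
        print("SERVER-WEBAPP FactoryTalk View SE BackupHMI download attempt:", alert)
```

The first three samples alert and the fourth does not. A naive byte match on the literal string "BackupHMI" would miss the second and third samples, which is why the decode-then-fold step matters when reproducing this logic outside Snort.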

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Impact

Technique: AppleScript (as listed; this is a macOS execution technique and does not describe a project backup download from a FactoryTalk View SE web server, so treat the mapping as unverified)

For reference, see the MITRE ATT&CK tactics and techniques here: https://attack.mitre.org

Rule Vulnerability

Escalation of Privilege

An Escalation of Privilege (EOP) attack is any technique by which a user or application gains permissions to access resources it would not normally be allowed to access.

CVE Additional Information