SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Schneider Electric ClearSCADA authentication bypass attempt
This rule alerts when a malicious pattern of bytes is sent to a vulnerable ClearSCADA server. The bytes are sent to destination port 5481 and allow remote attackers to read database records by leveraging access to the guest account.
This rule looks for a malicious pattern of bytes sent to a vulnerable ClearSCADA server. These bytes are intended to exploit CVE-2014-5412, which is related to an authentication bypass attempt in the server.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Authentication Bypass
An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.
CVE-2014-5412