SCADA IDS Signatures (SIS)

CRITIFENCE® SCADA IDS Signatures Database (SIS)

RealFlex RealWin SCADA On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY Buffer Overflow

Date: 2016-03-03
Title: RealFlex RealWin SCADA On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY Buffer Overflow
Author: Emerging Threats Pro, NitroSecurity
SVE-ID: N/A

Description
This rule is distributed under the ET-PRO license that is available at http://rules.emergingthreats.net/open/snort-2.4.0/ETPRO-License.txt

Signature

alert tcp any any -> any 910 (msg:"ETPRO SCADA RealFlex RealWin SCADA On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY Buffer Overflow"; flow:to_server,established; isdataat:215; content:"|10 23 54 67|"; offset:0; byte_test:4,>,200,0,relative,little; content:"|02 00 10 00|"; distance:6; within:4; classtype:attempted-user; reference:url,digitalbond.com/tools/quickdraw/vulnerability-rules; sid:1111652; rev:1;)