SCADA IDS Signatures (SIS)

CRITIFENCE® SCADA IDS Signatures Database (SIS)

Siemens Tecnomatix FactoryLink CSService CSMSG path possible file download

Date Title Author SVE-ID
2016-03-03Siemens Tecnomatix FactoryLink CSService CSMSG path possible file downloadEmerging Threats Pro, NitroSecurityN/A
Description
This rule is distributed under the ET-PRO license that is available at http://rules.emergingthreats.net/open/snort-2.4.0/ETPRO-License.txt

Signature

						
							
								
alert tcp any any -> any 7580 (msg:"ETPRO SCADA Siemens Tecnomatix FactoryLink CSService CSMSG path possible file download";
 flow:to_server,established;
 content:"LEN|00|";
 depth:4;
 content:"|99|";
 distance:8;
 within:1;
 content:"|99  00 00 00 06  00 00 00 03  06|";
 pcre:"/^.{8}([A-Z]\x00?\x3a\x00?\x5c\x00?\x5c\x00?|\x2e\x00?\x2e\x00?\x5c\x00?)/Ri";
 classtype:attempted-recon;
 reference:url,digitalbond.com/tools/quickdraw/vulnerability-rules;
 sid:1111677;
 rev:1;
)