Controller Code Upload Detected (High)

high Tenable OT Security Plugin ID 503172

Synopsis

A controller code upload has been detected on the OT asset.

Description

An upload of the controller code has been detected over the network. When not part of regular operations, a code upload can be used to gather information about the controller behavior as part of reconnaissance activity.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

1) Check whether the upload was done as part of scheduled maintenance work and whether the source of the operation is approved for making such changes.

2) If this was not part of a planned operation, check the source asset of the event to determine if it has been compromised.

Plugin Details

Severity: High

ID: 503172

Version: 1.1

Type: remote

Published: 5/5/2025

Updated: 5/5/2025

Supported Sensors: Tenable OT Security