Configuration Download Detected (Critical)

critical Tenable OT Security Plugin ID 503177

Synopsis

A configuration download has been detected on the remote OT asset.

Description

The system detected a change in the controller configuration that was made via the network.
An attacker may use configuration changes to disrupt normal operations, to cause production losses, or to create a security threat.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

1) Check whether the change was made as part of scheduled work and whether the source of the operation is approved for making such changes.

2) In the code revision tab, check if the code has changed. If it has changed, validate with an OT engineer that it matches the planned scope.

3) If this was not part of a planned operation, check the source asset of the event to determine if it has been compromised.

Plugin Details

Severity: Critical

ID: 503177

Version: 1.1

Type: remote

Published: 5/5/2025

Updated: 5/5/2025

Supported Sensors: Tenable OT Security