Detections
Analytics
Device Status Modification Detected (Critical)
critical Tenable OT Security Plugin ID 503189
Synopsis
A device status modification has been detected on the remote OT asset.Description
Changes in the controller state can stop operations altogether or start an operation that should not have been started. These operations can be used by an attacker to disrupt normal operation, cause production losses, or create safety concerns.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
1) Check whether the status change was made as part of scheduled maintenance work and that the source of the operation is approved to perform it.2) Verify with an OT engineer that the new state is the desired state.
3) If this was not part of a planned operation, check the source asset of the event to determine if it was compromised.
Plugin Details
Severity: Critical
ID: 503189
Version: 1.1
Type: remote
Family: Tenable.ot Violation
Published: 5/5/2025
Updated: 5/5/2025
Supported Sensors: Tenable OT Security