Device Status Modification Detected (Critical)

Critical | Tenable OT Security | Plugin ID 503189

Synopsis

A device status modification has been detected on the remote OT asset.

Description

Changes in the controller state can stop operations altogether or start an operation that should not have been started. These operations can be used by an attacker to disrupt normal operation, cause production losses, or create safety concerns.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

1) Check whether the status change was made as part of scheduled maintenance work and whether the source of the operation is approved to perform it.

2) Verify with an OT engineer that the new state is the desired state.

3) If this was not part of a planned operation, check the source asset of the event to determine if it was compromised.

Plugin Details

Severity: Critical

ID: 503189

Version: 1.1

Type: remote

Published: 5/5/2025

Updated: 5/5/2025

Supported Sensors: Tenable OT Security