Detections
Analytics
Device Mode Transition Detected (Critical)
critical Tenable OT Security Plugin ID 503193
Synopsis
A device mode transition has been detected on the OT asset.Description
The state of the controller code changed, regardless of the state expected by the process. When not part of scheduled maintenance, forcing can be used to introduce hard-to-detect, long-lasting changes that are harmful to operations.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
1) Check whether the transition was made as part of scheduled maintenance work and verify that the source of the operation is approved to perform this operation.2) Verify with an OT engineer that the forced value matches the desired value.
3) If this was not part of a planned operation, check the source asset of the event to determine if it has been compromised.
Plugin Details
Severity: Critical
ID: 503193
Version: 1.1
Type: remote
Family: Tenable.ot Violation
Published: 5/5/2025
Updated: 5/5/2025
Supported Sensors: Tenable OT Security