Firmware Version Change Detected (Low)

low Tenable OT Security Plugin ID 503162

Synopsis

A firmware version change has been detected on the remote OT asset.

Description

Changes in the controller firmware represent a major change in the behavior of the device and usually cause a temporary interruption of operations. An attacker could use firmware changes to add malicious code to the controller, causing it to perform harmful operations which are hard to detect.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

1) Check whether the firmware change was made as part of scheduled work and whether the source of the operation is approved for making such changes.

2) If this was not part of a planned operation, check the source asset of the event to determine if it has been compromised.

Plugin Details

Severity: Low

ID: 503162

Version: 1.1

Type: remote

Family: Tenable.ot Violation

Published: 4/16/2025

Updated: 4/16/2025

Supported Sensors: Tenable OT Security

Detections

Analytics