""ET WEB_SPECIFIC_APPS Inductive Automation remoteSystemID Check (CVE-2023-39476)""
SID: 2047920
Revision: 1
Class Type: attempted-admin
Metadata: created_at 2023_09_05, cve CVE_2023_39476, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_09_05, reviewed_at 2023_09_05
Reference:
-
cve
-
2023-39476
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "GET"
-
Value: "/system/ws-control-servelet?name=" Depth: 33
-
Value: "uuid="
-
Value: "url=http|3a 2f 2f|localhost/system"
-
Value: "Connection|3a 20|"
-
Value: "Sec-WebSocket-Version|3a 20|"
-
Value: "Sec-WebSocket-Key|3a 20|"
-
Value: "Upgrade|3a 20|"
-
Value: "User-Agent|3a 20|"
-
Value: "Host|3a 20|"
Within:
PCRE: "/url=http|3a\x202f\x202f|localhost\/system$/U"
Special Options:
-
http_method
-
http_uri
-
fast_pattern
-
http_uri
-
http_uri
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header