Intrusion Prevention

DNP3.Cold.Restart

Description

This indicates that a "Cold Restart" command was sent to a DNP3 device by an authorized DNP3 client. This will cause the device to restart and execute power up self-tests. The device will be unavailable for a time and a malicious attacker can continuously send this command and cause a Denial of Service condition.
The Distributed Network Protocol (DNP3) is an industry standard for inter-operations between devices and is commonly found in SCADA systems. DNP3 enables data and command exchange between a sever and a client device. The server sends commands and controls the operation of a client device.

Affected Products

DNP3 servers and clients.

Impact

Denial of Service

Recommended Actions

Limit network access to vulnerable devices. Investigate the source of the traffic to prevent further attacks.