Intrusion Prevention

DNP3.Warm.Restart

Description

This indicates an attack attempt against a vulnerability in DNP3 SCADA system servers.
SCADA systems are used to control public utilities and large-scale industrial processes. The vulnerability is in the WarmRestart command that is part of the DNP3 protocol. A remote attacker may be able to use the WarmRestart command to force a PLC (Programmable Logic Controller) to restart repeatedly, creating a denial of service or causing loss of state information.

Affected Products

PLCs and other DNP3 servers

Impact

Denial of service
Reduced system integrity

Recommended Actions

Restrict access on the relevant ports. Investigate the source of the traffic to prevent further attacks.
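
The Python example below is added here and is not the vendor's signature logic. It reads the application function code from captured DNP3 link frames and reports sources that send WarmRestart from outside an allowlist of expected masters, or repeatedly within a time window, which supports investigating the source of the traffic. Assumptions not on the page: function code 0x0E for WarmRestart (from the DNP3 specification), the function and parameter names, the 60-second window and threshold of 3, and the constructed sample frames, whose CRC fields are zeroed and not verified.

```python
from collections import defaultdict, deque

WARM_RESTART = 0x0E  # DNP3 application-layer function code 14 (assumption: not stated on the page)

def function_code(frame):
    """Return the application function code carried by a DNP3 link frame, or None.

    Assumption: CRC fields are skipped, not verified, as a passive sensor may do.
    """
    if len(frame) < 15 or frame[:2] != b"\x05\x64":
        return None                      # too short or wrong start bytes
    length, ctrl = frame[2], frame[3]
    if not ctrl & 0x40 or ctrl & 0x0F not in (3, 4):
        return None                      # not a primary user-data frame
    n = min(length - 5, 16)              # user bytes in the first data block
    block = frame[10:10 + n]             # 10-byte link header precedes the data
    if n < 3 or len(block) < n or not block[0] & 0x40:
        return None                      # truncated, or not the first transport segment
    return block[2]                      # transport header, app control, function code

def warm_restart_alerts(events, allowed_masters, window=60.0, threshold=3):
    """events: iterable of (timestamp, source_ip, frame). Return sorted (source_ip, reason)."""
    recent, alerts = defaultdict(deque), set()
    for ts, src_ip, frame in sorted(events, key=lambda e: e[0]):
        if function_code(frame) != WARM_RESTART:
            continue
        if src_ip not in allowed_masters:
            alerts.add((src_ip, "warm restart from unexpected source"))
        seen = recent[src_ip]
        seen.append(ts)
        while ts - seen[0] > window:     # drop requests older than the window
            seen.popleft()
        if len(seen) >= threshold:
            alerts.add((src_ip, "repeated warm restart"))
    return sorted(alerts)

# Constructed sample input: documentation IPs, made-up DNP3 addresses, CRC fields zeroed.
RESTART = bytes.fromhex("05 64 08 C4 0A 00 01 00 00 00 C0 C0 0E 00 00")
READ = bytes.fromhex("05 64 0B C4 0A 00 01 00 00 00 C0 C0 01 3C 01 06 00 00")
SAMPLE = [
    (0, "192.0.2.10", READ),
    (3, "192.0.2.10", RESTART),
    (10, "198.51.100.7", RESTART),
    (12, "198.51.100.7", RESTART),
    (15, "198.51.100.7", RESTART),
]

if __name__ == "__main__":
    for source, reason in warm_restart_alerts(SAMPLE, allowed_masters={"192.0.2.10"}):
        print(source, reason)
```

A single WarmRestart from an expected master produces no alert here; lower `threshold` or shrink the allowlist to match how restarts are actually issued on the monitored network.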