RichBaldry Is Sophos aware of and working on this?
Under 58906, 58907 on the ID.
Astaro IPS Rules
UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Well I tried to reply to this topic, but my reply was actually being moderated and labeled as 'spam'.
At any rate, let's see if this works - IPS rules has two listings for it. Astaro IPS Rules
Thanks for the info! Unfortunately the Snort site doesn't have details on the two IDs. I'm afraid that the Snort software itself needs to be updated by/on Sophos though. I currently see Snort Version 18.104.22.168 on a 9.710-1 Sophos UTM. I found this interesting link which states that the Snort engine can be delivered by Sophos via the pattern updates. That's why I tried to ask RichBaldry here.
You should create a Support Case to get this answer.
Yes this is on our radar and we are working on a patch for the current snort engine. In the meantime, the risk of this being used by an external attacker is virtually eliminated by blocking inbound TCP connections on TCP port 502.
Thank you! Publicly here in the Sophos Community the info should be useful for the time being.