History: Feb 13, 2017 - 9:59 p.m.

CVE-2016-8367

2017-02-13 21:59:01
CWE-400
web.nvd.nist.gov
cve-2016-8367
schneider electric
magelis hmi
web server
security vulnerability

CVSS2: 5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 6 Medium
Confidence: High

EPSS: 0.001 Low
Percentile: 35.7%

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep those connections open, preventing new connections from being made and rendering the web server unavailable during an attack.

Affected configurations

NVD

Node
schneider-electric / magelis_gtu_universal_panel_firmware / Match: -
AND
schneider-electric / magelis_gtu_universal_panel / Match: -

Node
schneider-electric / magelis_gto_advanced_optimum_panel_firmware / Match: -
AND
schneider-electric / magelis_gto_advanced_optimum_panel / Match: -

Node
schneider-electric / magelis_sto5_small_panel_firmware / Match: -
AND
schneider-electric / magelis_sto5_small_panel / Match: -

Node
schneider-electric / magelis_stu_small_panel_firmware / Match: -
AND
schneider-electric / magelis_stu_small_panel / Match: -

Node
schneider-electric / magelis_xbt_gh_advanced_hand-held_panel_firmware / Match: -
AND
schneider-electric / magelis_xbt_gh_advanced_hand-held_panel / Match: -

Node
schneider-electric / magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware / Match: -
AND
schneider-electric / magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard / Match: -

Node
schneider-electric / magelis_xbt_gt_advanced_touchscreen_panel_firmware / Match: -
AND
schneider-electric / magelis_xbt_gt_advanced_touchscreen_panel / Match: -

Node
schneider-electric / magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware / Match: -
AND
schneider-electric / magelis_xbt_gtw_advanced_open_touchscreen_panel / Match: -

CNA Affected

[
  {
    "product": "Schneider Electric Magelis HMI",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Schneider Electric Magelis HMI"
      }
    ]
  }
]
