IcscertCVE-2016-8374CVE-2016-8374
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
35.6%
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | magelis_gtu_universal_panel_firmware | - | cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_gtu_universal_panel | - | cpe:2.3:h:schneider-electric:magelis_gtu_universal_panel:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_gto_advanced_optimum_panel_firmware | - | cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_gto_advanced_optimum_panel | - | cpe:2.3:h:schneider-electric:magelis_gto_advanced_optimum_panel:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_sto5_small_panel_firmware | - | cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_sto5_small_panel | - | cpe:2.3:h:schneider-electric:magelis_sto5_small_panel:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_stu_small_panel_firmware | - | cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_stu_small_panel | - | cpe:2.3:h:schneider-electric:magelis_stu_small_panel:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_xbt_gh_advanced_hand-held_panel_firmware | - | cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel_firmware:-:*:*:*:*:*:*:* |
| schneider-electric | magelis_xbt_gh_advanced_hand-held_panel | - | cpe:2.3:h:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Schneider Electric Magelis HMI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Magelis HMI"
}
]
}
]Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
35.6%