Lucene search

K
cve[email protected]CVE-2017-6017
HistoryJun 30, 2017 - 3:29 a.m.

CVE-2017-6017

2017-06-3003:29:00
CWE-400
web.nvd.nist.gov
31
schneider electric
modicon m340 plc
resource exhaustion
cve-2017-6017
nvd
security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

73.0%

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

Affected configurations

NVD
Node
schneider-electricbmxnoc0401Match-
AND
schneider-electricbmxnoc0401_firmwareMatch2.8
Node
schneider-electricbmxnoe0100Match-
AND
schneider-electricbmxnoe0100_firmwareMatch2.8
Node
schneider-electricbmxnoe0110Match-
AND
schneider-electricbmxnoe0110_firmwareMatch2.8
Node
schneider-electricbmxnoe0110hMatch-
AND
schneider-electricbmxnoe0110h_firmwareMatch2.8
Node
schneider-electricbmxnor0200hMatch-
AND
schneider-electricbmxnor0200h_firmwareMatch2.8
Node
schneider-electricmodicon_m340_bmxp341000Match-
AND
schneider-electricmodicon_m340_bmxp341000_firmwareMatch2.8
Node
schneider-electricmodicon_m340_bmxp342000Match-
AND
schneider-electricmodicon_m340_bmxp342000_firmwareMatch2.8
Node
schneider-electricmodicon_m340_bmxp3420102Match-
AND
schneider-electricmodicon_m340_bmxp3420102_firmwareMatch2.8
Node
schneider-electricmodicon_m340_bmxp3420102cl_firmwareMatch2.8
AND
schneider-electricmodicon_m340_bmxp3420102clMatch-
Node
schneider-electricmodicon_m340_bmxp342020_firmwareMatch2.8
AND
schneider-electricmodicon_m340_bmxp342020Match-
Node
schneider-electricmodicon_m340_bmxp342020h_firmwareMatch2.8
AND
schneider-electricmodicon_m340_bmxp342020hMatch-
Node
schneider-electricmodicon_m340_bmxp342030_firmwareMatch2.8
AND
schneider-electricmodicon_m340_bmxp342030Match-
Node
schneider-electricmodicon_m340_bmxp3420302_firmwareMatch2.8
AND
schneider-electricmodicon_m340_bmxp3420302Match-
Node
schneider-electricmodicon_m340_bmxp3420302h_firmwareMatch2.8
AND
schneider-electricmodicon_m340_bmxp3420302hMatch-
Node
schneider-electricmodicon_m340_bmxp342030h_firmwareMatch2.8
AND
schneider-electricmodicon_m340_bmxp342030hMatch-

CNA Affected

[
  {
    "product": "Schneider Electric Modicon M340 PLC",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Schneider Electric Modicon M340 PLC"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

73.0%

Related for CVE-2017-6017