CVE-2016-8367

CVE-2016-8367 affects Schneider Electric Magelis HMI panels (GTO, GTU, STO/STU, XBT) with web server functionality. The issue is uncontrolled resource consumption: an attacker can open multiple connections to the Web Gate Server and keep them open, causing denial of service by exhausting the serv...

CVE-2016-8367

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen...

Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-308-02A Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 22, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of a public report of resource consumption...

Schneider Electric Magelis HMI Advanced Panel Remote Denial Of Service (CVE-2016-8367; CVE-2016-8374)

A denial of service vulnerability exists in Schneider Electric Magelis HMI Advanced Panel, AKA Panelshock. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing an authenticated user to view crafted web content. This...