17 matches found
EUVD-2019-16387
Malware in sbrugna...
CVE-2019-6833
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU, which could cause a temporary freeze of the HMI when a high rate of frames is receive...
Schneider Electric Magelis HMI Panels
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Magelis HMI Panel Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...
CVE-2019-6833
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU, which could cause a temporary freeze of the HMI when a high rate of frames is receive...
Design/Logic Flaw
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU, which could cause a temporary freeze of the HMI when a high rate of frames is receive...
CVE-2019-6833
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU, which could cause a temporary freeze of the HMI when a high rate of frames is receive...
CVE-2019-6833
CVE-2019-6833 affects Schneider Electric Magelis HMI Panels (HMIGTO/HMISTO/XBTGH/HMIGTU/HMIGTUX/HMISCU/HMISTU/XBTGT/XBTGC/HMIGXO/HMIGXU), where a high rate of frames can cause a temporary HMI freeze; after the rate subsides, buffered commands are processed. Affected firmware versions: all listed ...
CVE-2019-6833
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU, which could cause a temporary freeze of the HMI when a high rate of frames is receive...
CVE-2016-8374
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen...
CVE-2016-8367
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen...
CVE-2016-8367
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen...
CVE-2016-8374
CVE-2016-8374 affects Schneider Electric Magelis HMI panels (GTO, GTU, STO/STU, XBT lines) where the Web Gate Server Web UI can be overwhelmed, causing UNCONTROLLED RESOURCE CONSUMPTION and denial of service. Root cause is improper handling of HTTP requests leading to resource exhaustion; exploit...
CVE-2016-8367
CVE-2016-8367 affects Schneider Electric Magelis HMI panels (GTO, GTU, STO/STU, XBT) with web server functionality. The issue is uncontrolled resource consumption: an attacker can open multiple connections to the Web Gate Server and keep them open, causing denial of service by exhausting the serv...
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-308-02A Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 22, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of a public report of resource consumption...
Mitigations Available for PanelShock Vulnerabilities in Schneider HMIs
One week after addressing a critical vulnerability in its industrial controller management software, Schneider Electric is in the midst of handling two more serious flaws in a number of its Magelis HMI products. HMI is short for human machine interface, a graphical visualization of an industrial...
Schneider Electric Magelis HMI Advanced Panel denial of service vulnerability (PanelShock)
IMPROPER IMPLEMENTATION OF HTTP GET REQUEST CVE-2016-8367 / SVE-82003201 The timeout value for closing an HTTP client's requests in the Web Gate service is too long and allows a malicious attacker to open multiple connections to the targeted web server and keep them open for as long as possible b...
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-308-02A Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 22, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of a public report of resource consumption...