Schneider Electric Magelis HMI Advanced Panel denial of service vulnerability (PanelShock)

2016-11-02T00:00:00
ID SSV:92511
Type seebug
Reporter Root
Modified 2016-11-02T00:00:00

Description

IMPROPER IMPLEMENTATION OF HTTP GET REQUEST (CVE-2016-8367 / SVE-82003201)

The timeout value for closing an HTTP client's requests in the Web Gate service is too long. A malicious attacker can open multiple connections to the targeted web server and keep them open for as long as possible by continuously sending partial HTTP requests, none of which are ever completed. The attacked server opens more and more connections, waiting for each of the attack requests to be completed, which enables a single computer to take down the Web Gate Server.

IMPROPER IMPLEMENTATION OF HTTP chunked Transfer-Encoding REQUEST (CVE-2016-8374 / SVE-82003202)

The timeout value between chunks for closing an HTTP chunked encoding connection in the Web Gate service is too long. A malicious attacker can keep the connection open by exploiting the maximum possible interval between chunks and by using the Content-Length header and buffering the whole result set before calculating the total content size. This keeps the connection alive and enables a single computer to take down the Web Gate Server.
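
A defender-side check for both conditions described above, as an added example that is not part of the advisory or the vendor's code: it scans connection-state records and flags clients holding many connections whose request header never completed or whose chunked body has gone silent past a deadline. The record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed policy values (not from the advisory); tune for the deployment.
HEADER_DEADLINE_S = 10      # max time to receive a complete request header
CHUNK_IDLE_LIMIT_S = 15     # max silence between chunks of a chunked body
MAX_STALLED_PER_CLIENT = 3  # stalled connections tolerated per source address

@dataclass
class Conn:
    src: str             # client address
    opened_at: float     # seconds, when the TCP connection was accepted
    last_data_at: float  # seconds, when bytes were last received
    headers_done: bool   # True once the blank line ending the headers arrived
    chunked: bool        # request declared Transfer-Encoding: chunked
    body_done: bool      # True once the terminating zero-length chunk arrived

def stall_reason(c: Conn, now: float):
    """Return why a connection counts as stalled, or None if it is healthy."""
    if not c.headers_done:
        # Measured from accept time, so trickled bytes cannot reset the deadline.
        if now - c.opened_at > HEADER_DEADLINE_S:
            return "incomplete-header"
        return None
    if c.chunked and not c.body_done and now - c.last_data_at > CHUNK_IDLE_LIMIT_S:
        return "chunk-idle"
    return None

def flag_clients(conns, now):
    """Map each source over the per-client limit to its stalled-connection reasons."""
    stalled = defaultdict(list)
    for c in conns:
        reason = stall_reason(c, now)
        if reason:
            stalled[c.src].append(reason)
    return {s: r for s, r in stalled.items() if len(r) > MAX_STALLED_PER_CLIENT}

# Constructed sample: one client holds five stalled connections, another is normal.
NOW = 100.0
SAMPLE = (
    [Conn("192.0.2.10", 40.0 + i, 99.0, False, False, False) for i in range(3)]
    + [Conn("192.0.2.10", 50.0, 60.0, True, True, False) for _ in range(2)]
    + [Conn("198.51.100.7", 98.0, 99.5, False, False, False),
       Conn("198.51.100.7", 90.0, 95.0, True, True, False)]
)

if __name__ == "__main__":
    for src, reasons in flag_clients(SAMPLE, NOW).items():
        print(src, len(reasons), sorted(set(reasons)))
```

The same two deadlines, enforced by the server or by a reverse proxy in front of the panel, close such connections instead of only reporting them.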