Vulnerability Details : CVE-2016-8367
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.
Products affected by CVE-2016-8367
- cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel_firmware:-:*:*:*:*:*:*:*When used together with: Schneider-electric » Magelis Xbt Gh Advanced Hand-held Panel » Version: N/A
- Schneider-electric » Magelis Xbt Gk Advanced Touchscreen Panel With Keyboard Firmware » Version: N/Acpe:2.3:o:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware:-:*:*:*:*:*:*:*When used together with: Schneider-electric » Magelis Xbt Gk Advanced Touchscreen Panel With Keyboard » Version: N/A
- cpe:2.3:o:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware:-:*:*:*:*:*:*:*When used together with: Schneider-electric » Magelis Xbt Gt Advanced Touchscreen Panel » Version: N/A
- cpe:2.3:o:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware:-:*:*:*:*:*:*:*When used together with: Schneider-electric » Magelis Xbt Gtw Advanced Open Touchscreen Panel » Version: N/A
Exploit prediction scoring system (EPSS) score for CVE-2016-8367
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8367
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2016-8367
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8367
-
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B) | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/94093
Schneider Electric Magelis HMI Multiple Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
Jump to