CVE-2016-8374 (GCVE-0-2016-8374)
Vulnerability from cvelistv5
Published
2017-02-13 21:00
Modified
2024-08-06 02:20
Severity ?
CWE
  • Schneider Electric Magelis HMI Resource Consumption
Summary
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.
References
Impacted products
Vendor Product Version
n/a Schneider Electric Magelis HMI Version: Schneider Electric Magelis HMI
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:20:30.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
          },
          {
            "name": "94093",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94093"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric Magelis HMI",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric Magelis HMI"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric Magelis HMI Resource Consumption",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-14T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
        },
        {
          "name": "94093",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94093"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-8374",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric Magelis HMI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric Magelis HMI"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric Magelis HMI Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
            },
            {
              "name": "94093",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94093"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-8374",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-09-28T00:00:00",
    "dateUpdated": "2024-08-06T02:20:30.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8374\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-02-13T21:59:01.283\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.\"},{\"lang\":\"es\",\"value\":\"Ha sido descubierto un problema en Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, todas las versiones, Magelis GTU Universal Panel, todas las versiones, Magelis STO5xx and STU Small panels, todas las versiones, Magelis XBT GH Advanced Hand-held Panels, todas las versiones, Magelis XBT GK Advanced Touchscreen Panels con Keyboard, todas las versiones, Magelis XBT GT Advanced Touchscreen Panels, todas las versiones y Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). Un atacante puede ser capaz de interrumpir un servidor web objetivo, causando una denegaci\u00f3n de servicio por UNCONTROLLED RESOURCE CONSUMPTION.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67686731-11C6-4A70-86EA-C20D4A5E00C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_gtu_universal_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9338C7D9-7F38-4B34-BDB0-95563240A189\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"453B800A-F3A0-4B22-961E-67F2EBAB292D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_gto_advanced_optimum_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDCA8937-DC4C-41C1-A1CC-BF4DA36C942D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E0BA1A0-E0B9-46A0-86C4-4C82A2EFCFC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_sto5_small_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FFCC32-67D5-4120-8BA8-C56C860CFEE4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF991F7-68D1-489A-BEDF-468F38E8B481\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_stu_small_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88823BB1-E5A0-4835-943F-C13EEA51F77A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50F7724E-7DBF-499B-BCD1-A02B86478555\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"126EDAD4-D08C-42B0-A621-596FCA27CF80\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B73A3B3-686C-4F64-A398-C4E810A36FF7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B98FB31-BF55-48EA-A284-627C431090CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F17071-598B-4361-8AA4-E60DC1CF02AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92DF2AF4-045C-4E8E-AF10-A3BC0C824419\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"229C5A41-9D33-4224-9AD8-E4C683DDD7FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"735F7A66-E882-431B-B8C9-046289A20DF0\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94093\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/94093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.