CVE-2016-8367

EPSS 13.71%
Published 13.02.2017 21:59:01
Last modified 20.04.2025 01:37:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Magelis Gtu Universal Panel Firmware Version-

Schneider-electric ≫ Magelis Gtu Universal Panel Version-

Schneider-electric ≫ Magelis Gto Advanced Optimum Panel Firmware Version-

Schneider-electric ≫ Magelis Gto Advanced Optimum Panel Version-

Schneider-electric ≫ Magelis Sto5 Small Panel Firmware Version-

Schneider-electric ≫ Magelis Sto5 Small Panel Version-

Schneider-electric ≫ Magelis Stu Small Panel Firmware Version-

Schneider-electric ≫ Magelis Stu Small Panel Version-

Schneider-electric ≫ Magelis Xbt Gh Advanced Hand-held Panel Firmware Version-

Schneider-electric ≫ Magelis Xbt Gh Advanced Hand-held Panel Version-

Schneider-electric ≫ Magelis Xbt Gk Advanced Touchscreen Panel With Keyboard Firmware Version-

Schneider-electric ≫ Magelis Xbt Gk Advanced Touchscreen Panel With Keyboard Version-

Schneider-electric ≫ Magelis Xbt Gt Advanced Touchscreen Panel Firmware Version-

Schneider-electric ≫ Magelis Xbt Gt Advanced Touchscreen Panel Version-

Schneider-electric ≫ Magelis Xbt Gtw Advanced Open Touchscreen Panel Firmware Version-

Schneider-electric ≫ Magelis Xbt Gtw Advanced Open Touchscreen Panel Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.71%	0.936

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://www.securityfocus.com/bid/94093

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2016-8367

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-8367

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-8367

EUVD