CVE-2017-6017

EPSS 6.14%
Published 30.06.2017 03:29:00
Last modified 20.04.2025 01:37:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Bmxnoc0401 Firmware Version2.8

Schneider-electric ≫ Bmxnoc0401 Version-

Schneider-electric ≫ Bmxnoe0100 Firmware Version2.8

Schneider-electric ≫ Bmxnoe0100 Version-

Schneider-electric ≫ Bmxnoe0110 Firmware Version2.8

Schneider-electric ≫ Bmxnoe0110 Version-

Schneider-electric ≫ Bmxnoe0110h Firmware Version2.8

Schneider-electric ≫ Bmxnoe0110h Version-

Schneider-electric ≫ Bmxnor0200h Firmware Version2.8

Schneider-electric ≫ Bmxnor0200h Version-

Schneider-electric ≫ Modicon M340 Bmxp341000 Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp341000 Version-

Schneider-electric ≫ Modicon M340 Bmxp342000 Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp342000 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420102 Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp3420102 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420102cl Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp3420102cl Version-

Schneider-electric ≫ Modicon M340 Bmxp342020 Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp342020 Version-

Schneider-electric ≫ Modicon M340 Bmxp342020h Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp342020h Version-

Schneider-electric ≫ Modicon M340 Bmxp342030 Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp342030 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420302 Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp3420302 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420302h Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp3420302h Version-

Schneider-electric ≫ Modicon M340 Bmxp342030h Firmware Version2.8

Schneider-electric ≫ Modicon M340 Bmxp342030h Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.14%	0.898

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://www.securityfocus.com/bid/96414

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03

Third Party Advisory

US Government Resource

Mitigation

https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/

https://nvd.nist.gov/vuln/detail/CVE-2017-6017

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6017

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6017

EUVD