CVE-2016-8374 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Magelis Gtu Universal Panel Firmware	-
Schneider-Electric	Magelis Gtu Universal Panel	-
Schneider-Electric	Magelis Gto Advanced Optimum Panel Firmware	-
Schneider-Electric	Magelis Gto Advanced Optimum Panel	-
Schneider-Electric	Magelis Sto5 Small Panel Firmware	-
Schneider-Electric	Magelis Sto5 Small Panel	-
Schneider-Electric	Magelis Stu Small Panel Firmware	-
Schneider-Electric	Magelis Stu Small Panel	-
Schneider-Electric	Magelis Xbt Gh Advanced Hand-Held Panel Firmware	-
Schneider-Electric	Magelis Xbt Gh Advanced Hand-Held Panel	-
Schneider-Electric	Magelis Xbt Gk Advanced Touchscreen Panel With Keyboard Firmware	-
Schneider-Electric	Magelis Xbt Gk Advanced Touchscreen Panel With Keyboard	-
Schneider-Electric	Magelis Xbt Gt Advanced Touchscreen Panel Firmware	-
Schneider-Electric	Magelis Xbt Gt Advanced Touchscreen Panel	-
Schneider-Electric	Magelis Xbt Gtw Advanced Open Touchscreen Panel Firmware	-
Schneider-Electric	Magelis Xbt Gtw Advanced Open Touchscreen Panel	-

Related Weaknesses (CWE)

CWE-400

References

http://www.securityfocus.com/bid/94093Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/94093Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2016-8374?

CVE-2016-8374 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all version...

How severe is CVE-2016-8374?

CVE-2016-8374 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8374?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Magelis Gtu Universal Panel Firmware, Schneider-Electric Magelis Gtu Universal Panel, Schneider-Electric Magelis Gto Advanced Optimum Panel Firmware, Schneider-Electric Magelis Gto Advanced Optimum Panel, Schneider-Electric Magelis Sto5 Small Panel Firmware.