Vulnerability Description
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Bmxnoc0401 Firmware | 2.8 |
| Schneider-Electric | Bmxnoc0401 | - |
| Schneider-Electric | Bmxnoe0100 Firmware | 2.8 |
| Schneider-Electric | Bmxnoe0100 | - |
| Schneider-Electric | Bmxnoe0110 Firmware | 2.8 |
| Schneider-Electric | Bmxnoe0110 | - |
| Schneider-Electric | Bmxnoe0110H Firmware | 2.8 |
| Schneider-Electric | Bmxnoe0110H | - |
| Schneider-Electric | Bmxnor0200H Firmware | 2.8 |
| Schneider-Electric | Bmxnor0200H | - |
| Schneider-Electric | Modicon M340 Bmxp341000 Firmware | 2.8 |
| Schneider-Electric | Modicon M340 Bmxp341000 | - |
| Schneider-Electric | Modicon M340 Bmxp342000 Firmware | 2.8 |
| Schneider-Electric | Modicon M340 Bmxp342000 | - |
| Schneider-Electric | Modicon M340 Bmxp3420102 Firmware | 2.8 |
| Schneider-Electric | Modicon M340 Bmxp3420102 | - |
| Schneider-Electric | Modicon M340 Bmxp3420102Cl Firmware | 2.8 |
| Schneider-Electric | Modicon M340 Bmxp3420102Cl | - |
| Schneider-Electric | Modicon M340 Bmxp342020 Firmware | 2.8 |
| Schneider-Electric | Modicon M340 Bmxp342020 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96414 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03 (Mitigation, Third Party Advisory, US Government Resource)
- https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/
FAQ
What is CVE-2017-6017?
CVE-2017-6017 is a vulnerability with a CVSS score of 7.5 (HIGH). A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP...
How severe is CVE-2017-6017?
CVE-2017-6017 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-6017?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Bmxnoc0401 Firmware, Schneider-Electric Bmxnoc0401, Schneider-Electric Bmxnoe0100 Firmware, Schneider-Electric Bmxnoe0100, Schneider-Electric Bmxnoe0110 Firmware.