Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-8367

Опубликовано: 13 фев. 2017
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Средний

Описание

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:magelis_gtu_universal_panel:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:magelis_gto_advanced_optimum_panel:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:magelis_sto5_small_panel:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:magelis_stu_small_panel:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.13711
Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

github логотип

GHSA-97r7-8j3p-vc44

CVSS3: 5.3
github
больше 3 лет назад

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.

EPSS

Процентиль: 94%
0.13711
Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400