Vulnerability CVE-2017-6017


Published: 2017-06-29   Modified: 2017-06-30

Description:
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Schneider-electric -> Bmxp342030h firmware 
Schneider-electric -> M340 plc firmware 
Schneider-electric -> Bmxnoc0401 firmware 
Schneider-electric -> Bmxnoe0100 firmware 
Schneider-electric -> Bmxnoe0110 firmware 
Schneider-electric -> Bmxnoe0110h firmware 
Schneider-electric -> Bmxnor0200h firmware 
Schneider-electric -> Bmxp341000 firmware 
Schneider-electric -> Bmxp342000 firmware 
Schneider-electric -> Bmxp3420102 firmware 
Schneider-electric -> Bmxp3420102cl firmware 
Schneider-electric -> Bmxp342020 firmware 
Schneider-electric -> Bmxp342020h firmware 
Schneider-electric -> Bmxp3420302 firmware 
Schneider-electric -> Bmxp3420302h firmware 
Schneider-electric -> Bmxp342030 firmware 

 References:
http://www.securityfocus.com/bid/96414
https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03
https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/

Copyright 2024, cxsecurity.com

 

Back to Top