CVE-2017-6017

7.5HIGH

Key Information:

Vendor
Schneider Electric
Status
Schneider Electric Modicon M340 Plc
Vendor
CVE Published:
30 June 2017

Summary

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

Affected Version(s)

Schneider Electric Modicon M340 PLC Schneider Electric Modicon M340 PLC

References

https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96414
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.