Details of VAR-201609-0601

ID

VAR-201609-0601

TITLE

Schneider 140NOE77101 Ethernet module IP Protocol denial of service vulnerability

Trust: 0.8

sources: IVD: c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3 // CNVD: CNVD-2016-07838

DESCRIPTION

140NOE77101 is an Ethernet communication module for Schneider's Quantum series PLC. 140NOE77101 There is a denial of service vulnerability in the IP protocol of the Ethernet module. The cause of this vulnerability is that the total length of the NOE module when receiving all fragments and recombining the message exceeds 65535 bytes

Trust: 0.72

sources: CNVD: CNVD-2016-07838 // IVD: c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3 // CNVD: CNVD-2016-07838

AFFECTED PRODUCTS

vendor:	schneider	model:	electric 140noe77101	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric 140noe77101	scope:	eq	version:	)	Trust: 0.2

sources: IVD: c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3 // CNVD: CNVD-2016-07838

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-07838
value:	HIGH
Trust: 0.6
IVD:	c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2016-07838
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3 // CNVD: CNVD-2016-07838

TYPE

Denial of service

Trust: 0.2

sources: IVD: c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3

EXTERNAL IDS

db:	CNVD	id:	CNVD-2016-07838	Trust: 0.8
db:	IVD	id:	C7CCD9AB-5D82-4ACA-9FEC-27245C6D7EC3	Trust: 0.2

sources: IVD: c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3 // CNVD: CNVD-2016-07838

SOURCES

db:	IVD	id:	c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3
db:	CNVD	id:	CNVD-2016-07838

LAST UPDATE DATE

2022-05-17T01:57:42.680000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-07838

date:

2016-11-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	c7ccd9ab-5d82-4aca-9fec-27245c6d7ec3	date:	2016-09-22T00:00:00
db:	CNVD	id:	CNVD-2016-07838	date:	2016-11-08T00:00:00