Details of VAR-201611-0407

ID

VAR-201611-0407

TITLE

Schneider 140NOE77101 Ethernet Module Has Land Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-11364

DESCRIPTION

40NOE77101 is an Ethernet communication module for Schneider's Quantum series PLC. The Schneider 140NOE77101 Ethernet module's TCP / IP protocol stack has a Land attack vulnerability. As the program sends a TCP SYN packet with the same source and destination IP (both the IP address of the 140NOE7710 module) to the 140NOE7710 module at a rate greater than 15kpps, the attacker can use The vulnerability can cause the module protocol stack to crash and the system to become unresponsive. The module needs to be powered off and restarted to return to normal

Trust: 0.72

sources: CNVD: CNVD-2016-11364 // IVD: 0124fb21-6081-4d83-a7ab-e6aa76455173

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 0124fb21-6081-4d83-a7ab-e6aa76455173 // CNVD: CNVD-2016-11364

AFFECTED PRODUCTS

vendor:	schneider	model:	electric 140noe77101 modular system	scope:	eq	version:	6.7	Trust: 0.6
vendor:	schneider	model:	electric 140noe77101 module system	scope:	eq	version:	6.7	Trust: 0.2

sources: IVD: 0124fb21-6081-4d83-a7ab-e6aa76455173 // CNVD: CNVD-2016-11364

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-11364
value:	MEDIUM
Trust: 0.6
IVD:	0124fb21-6081-4d83-a7ab-e6aa76455173
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2016-11364
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0124fb21-6081-4d83-a7ab-e6aa76455173
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 0124fb21-6081-4d83-a7ab-e6aa76455173 // CNVD: CNVD-2016-11364

TYPE

Resource management error

Trust: 0.2

sources: IVD: 0124fb21-6081-4d83-a7ab-e6aa76455173

EXTERNAL IDS

db:	CNVD	id:	CNVD-2016-11364	Trust: 0.8
db:	IVD	id:	0124FB21-6081-4D83-A7AB-E6AA76455173	Trust: 0.2

sources: IVD: 0124fb21-6081-4d83-a7ab-e6aa76455173 // CNVD: CNVD-2016-11364

SOURCES

db:	IVD	id:	0124fb21-6081-4d83-a7ab-e6aa76455173
db:	CNVD	id:	CNVD-2016-11364

LAST UPDATE DATE

2022-05-17T02:07:06.685000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-11364

date:

2016-11-24T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	0124fb21-6081-4d83-a7ab-e6aa76455173	date:	2016-11-21T00:00:00
db:	CNVD	id:	CNVD-2016-11364	date:	2016-12-29T00:00:00