Details of VAR-201701-1167

ID

VAR-201701-1167

TITLE

Schneider M218 TCP / IP Stack Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-12609

DESCRIPTION

Modicon M218 is a compact programmable logic controller produced by Schneider Electric of France. Schneider Electric M218 TCP / IP protocol stack has a denial of service vulnerability. Due to sending an abnormal IP packet with an IP header to the M218 (IP_Total_Length field is 0 and IP_Protocol field is 6), the M218 protocol stack may crash and lose its response. Restart the power before returning to normal.

Trust: 0.6

sources: CNVD: CNVD-2016-12609

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-12609

AFFECTED PRODUCTS

vendor:

schneider

model:

electric tm218ldae40drphn

scope:

version:

02.00.31.45

Trust: 0.6

sources: CNVD: CNVD-2016-12609

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-12609
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-12609
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-12609

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-12609

Trust: 0.6

sources: CNVD: CNVD-2016-12609

SOURCES

db:

CNVD

id:

CNVD-2016-12609

LAST UPDATE DATE

2022-05-04T08:40:40.276000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-12609

date:

2016-12-20T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-12609

date:

2017-01-26T00:00:00