Details of VAR-201702-0079

ID

VAR-201702-0079

CVE

CVE-2016-8374

TITLE

plural Schneider Electric Magelis Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007995

DESCRIPTION

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION. A denial of service vulnerability exists in several Schneider Electric products

Trust: 2.7

sources: NVD: CVE-2016-8374 // JVNDB: JVNDB-2016-007995 // CNVD: CNVD-2016-10624 // BID: 94093 // IVD: 2ec2201d-fb45-4b8c-bdf4-b90bcb51b687 // VULHUB: VHN-97194

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2ec2201d-fb45-4b8c-bdf4-b90bcb51b687 // CNVD: CNVD-2016-10624

AFFECTED PRODUCTS

vendor:	schneider electric	model:	magelis gtu universal panel	scope:	eq	version:	-	Trust: 2.4
vendor:	schneider electric	model:	magelis xbt gh advanced hand-held panel	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	magelis xbt gk advanced touchscreen panel with keyboard	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	magelis gto advanced optimum panel	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	magelis sto5 small panel	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	magelis xbt gt advanced touchscreen panel	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	magelis xbt gtw advanced open touchscreen panel	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	magelis stu small panel	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	magelis gto advanced optimum panels	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider electric	model:	magelis sto5xx small panels	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider electric	model:	magelis stu small panels	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider electric	model:	magelis xbt gh advanced hand-held panels	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider electric	model:	magelis xbt gk advanced touchscreen panels with keyboard	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider electric	model:	magelis xbt gt advanced touchscreen panels	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider electric	model:	magelis xbt gtw advanced open touchscreen panels	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider	model:	electric magelis xbt gtw advanced open touchscreen panels	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric magelis xbt gt advanced touchscreen panels all	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric magelis xbt gk advanced touchscreen panels with keyboard all	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric magelis xbt gh advanced hand-held panel all	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric magelis sto & stu small panels all	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric magelis gtu universal panel all	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric magelis gto advanced optimum panels all	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	magelis xbt gtw	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	magelis xbt gk	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	magelis xbt gh	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	magelis xbt gt	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	magelis stu	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	magelis sto	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	magelis gtu	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	magelis gto	scope:	eq	version:	0	Trust: 0.3
vendor:	magelis gtu universal panel	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	magelis gto advanced optimum panel	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	magelis sto5 small panel	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	magelis stu small panel	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	magelis xbt gh advanced hand held panel	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	magelis xbt gk advanced touchscreen panel with keyboard	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	magelis xbt gt advanced touchscreen panel	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	magelis xbt gtw advanced open touchscreen panel	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 2ec2201d-fb45-4b8c-bdf4-b90bcb51b687 // CNVD: CNVD-2016-10624 // BID: 94093 // JVNDB: JVNDB-2016-007995 // CNNVD: CNNVD-201610-909 // NVD: CVE-2016-8374

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8374
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8374
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-10624
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201610-909
value:	HIGH
Trust: 0.6
IVD:	2ec2201d-fb45-4b8c-bdf4-b90bcb51b687
value:	HIGH
Trust: 0.2
VULHUB:	VHN-97194
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8374
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-10624
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2ec2201d-fb45-4b8c-bdf4-b90bcb51b687
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-97194
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8374
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2016-8374
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 2ec2201d-fb45-4b8c-bdf4-b90bcb51b687 // CNVD: CNVD-2016-10624 // VULHUB: VHN-97194 // JVNDB: JVNDB-2016-007995 // CNNVD: CNNVD-201610-909 // NVD: CVE-2016-8374

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-97194 // JVNDB: JVNDB-2016-007995 // NVD: CVE-2016-8374

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-909

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201610-909

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007995

PATCH

title:	Magelis HMI	url:	http://www.schneider-electric.com/b2b/en/products/product-launch/magelis-hmi/	Trust: 0.8
title:	Multiple Schneider Electric Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180273	Trust: 0.6

sources: JVNDB: JVNDB-2016-007995 // CNNVD: CNNVD-201610-909

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8374	Trust: 3.6
db:	ICS CERT	id:	ICSA-16-308-02	Trust: 2.8
db:	BID	id:	94093	Trust: 2.0
db:	CNNVD	id:	CNNVD-201610-909	Trust: 0.9
db:	SCHNEIDER	id:	SEVD-2016-302-01	Trust: 0.9
db:	CNVD	id:	CNVD-2016-10624	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007995	Trust: 0.8
db:	IVD	id:	2EC2201D-FB45-4B8C-BDF4-B90BCB51B687	Trust: 0.2
db:	SEEBUG	id:	SSVID-92511	Trust: 0.1
db:	VULHUB	id:	VHN-97194	Trust: 0.1

sources: IVD: 2ec2201d-fb45-4b8c-bdf4-b90bcb51b687 // CNVD: CNVD-2016-10624 // VULHUB: VHN-97194 // BID: 94093 // JVNDB: JVNDB-2016-007995 // CNNVD: CNNVD-201610-909 // NVD: CVE-2016-8374

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-308-02	Trust: 2.8
url:	http://www.securityfocus.com/bid/94093	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8374	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8374	Trust: 0.8
url:	http://www.schneider-electric.com/ww/en/download/document/sevd-2016-302-01	Trust: 0.6
url:	http://www.critifence.com/sve/sve.php?id=82003202	Trust: 0.6
url:	www.controlmicrosystems.com	Trust: 0.3
url:	http://www.schneider-electric.com/en/download/document/sevd-2016-302-01/	Trust: 0.3

sources: CNVD: CNVD-2016-10624 // VULHUB: VHN-97194 // BID: 94093 // JVNDB: JVNDB-2016-007995 // CNNVD: CNNVD-201610-909 // NVD: CVE-2016-8374

CREDITS

Eran Goldstein, in collaboration with Check Point Software Technologies and CRITIFENCE.

Trust: 0.3

sources: BID: 94093

SOURCES

db:	IVD	id:	2ec2201d-fb45-4b8c-bdf4-b90bcb51b687
db:	CNVD	id:	CNVD-2016-10624
db:	VULHUB	id:	VHN-97194
db:	BID	id:	94093
db:	JVNDB	id:	JVNDB-2016-007995
db:	CNNVD	id:	CNNVD-201610-909
db:	NVD	id:	CVE-2016-8374

LAST UPDATE DATE

2025-04-20T23:23:53.284000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10624	date:	2016-11-04T00:00:00
db:	VULHUB	id:	VHN-97194	date:	2017-03-16T00:00:00
db:	BID	id:	94093	date:	2016-11-24T01:07:00
db:	JVNDB	id:	JVNDB-2016-007995	date:	2017-04-06T00:00:00
db:	CNNVD	id:	CNNVD-201610-909	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2016-8374	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	2ec2201d-fb45-4b8c-bdf4-b90bcb51b687	date:	2016-11-04T00:00:00
db:	CNVD	id:	CNVD-2016-10624	date:	2016-11-04T00:00:00
db:	VULHUB	id:	VHN-97194	date:	2017-02-13T00:00:00
db:	BID	id:	94093	date:	2016-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-007995	date:	2017-04-06T00:00:00
db:	CNNVD	id:	CNNVD-201610-909	date:	2016-11-02T00:00:00
db:	NVD	id:	CVE-2016-8374	date:	2017-02-13T21:59:01.283