CVE-2016-8367 Information

Description

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels all versions Magelis GTU Universal Panel all versions Magelis STO5xx and STU Small panels all versions Magelis XBT GH Advanced Hand-held Panels all versions Magelis XBT GK Advanced Touchscreen Panels with Keyboard all versions Magelis XBT GT Advanced Touchscreen Panels all versions and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made rendering the web server unavailable during an attack.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Reference

http://www.securityfocus.com/bid/94093 https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

5.3