CVE-2017-6017 Information
Feb 14, 2021
cve
Description
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401 BMXNOE0100 BMXNOE0110 BMXNOE0110H BMXNOR0200H BMXP341000 BMXP342000 BMXP3420102 BMXP3420102CL BMXP342020 BMXP342020H BMXP342030 BMXP3420302 BMXP3420302H and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze requiring the operator to physically press the reset button on the PLC in order to recover.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
http://www.securityfocus.com/bid/96414 https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03 https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5
Share on: