cbcvebase.
CVE-2016-8352
published 2017-02-13

Priority P261 · critical · 10 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 4.16% (89.6th percentile)

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.

Affected

1 range

Vendor | Product | Version range | Fixed in
msrc | microsoft_hpc_pack_2019 | |

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered during the SNMP login authentication process — monitor for anomalous or malformed SNMP authentication traffic (UDP/161, UDP/162) directed at ConneXium firewall devices, which may indicate exploitation attempts.
  • The vulnerability is remotely exploitable with no authentication and low attack complexity (CVSS v3 AV:N/AC:L/PR:N/UI:N), meaning any unauthenticated SNMP packet to affected devices could be an exploit attempt.
  • Target asset identification: flag network traffic to/from devices identified as Schneider Electric ConneXium firewalls (models TCSEFEC23F3F20, TCSEFEC23F3F21, TCSEFEC23FCF20, TCSEFEC23FCF21, TCSEFEC2CF3F20) on SNMP ports for deeper inspection.
  • No known public exploits exist for this vulnerability at time of advisory publication; exploitation risk is present but unconfirmed in the wild.
  • All firmware versions of the affected ConneXium firewall models are vulnerable; there is no safe version to allowlist until Schneider Electric releases the firmware update.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc | | 9.8 | CRITICAL |