CVE-2017-6017

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGH

EPSS

5.2%

top 10.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Bmxnoc0401 Firmware Schneider-electric Bmxnoe0100 Firmware Schneider-electric Bmxnoe0110 Firmware +12 more

Timeline

PublishedJun 30

Latest updateMay 14

Description

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages16 packages

▶NVDschneider-electric/modicon_m340_bmxp3420302h_firmware2.8

▶NVDschneider-electric/modicon_m340_bmxp342020h_firmware2.8

▶NVDschneider-electric/modicon_m340_bmxp3420302_firmware2.8

▶NVDschneider-electric/modicon_m340_bmxp342030h_firmware2.8

▶NVDschneider-electric/modicon_m340_bmxp3420102cl_firmware2.8

🔴Vulnerability Details

GHSA

GHSA-4v7w-jq2v-52pw: A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP34↗2022-05-14

▶

CVEList

CVE-2017-6017: A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP34↗2017-06-30

▶