CVE-2017-6019
published 2017-04-07CVE-2017-6019: An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the…
PriorityP261high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
36.94%
98.3th percentile
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | conext_combox_865-1058_firmware | <= 3.03 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect rapid repeated HTTP POST requests to /login.cgi on the target device; 1000 iterations in a tight loop are used to trigger the DoS reboot condition. ↗
- →Google dork can be used to identify exposed Conext ComBox devices on the internet: search for 'Conext ComBox' combined with 'JavaScript was not detected' or 'Recover Lost Password'. ↗
- ·All firmware versions prior to V3.03 BN 830 are vulnerable; patched firmware is V3.03 BN 830 or later. ↗
- ·The vulnerability is remotely exploitable with no authentication and requires low skill level; devices should not be exposed to the internet. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Schneider Electric Conext ComBox
cisa_ics·2017-03-02
Schneider Electric Conext ComBox
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Schneider Electric Conext ComBox
Last RevisedMarch 02, 2017
Alert CodeICSA-17-061-02
## CVSS v3 7.5
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Schneider Electric
Equipment: Conext ComBox
Vulnerability: Resource Exhaustion
## AFFECTED PRODUCTS
Schneider Electric reports that the vulnerability affects the following Conext ComBox solar battery monitor:
- Conext ComBox, model 865-1058: all firmware versions prior to V3.03 BN 830
## IMPACT
Successful exploitation of this vulnerability could cause the device to self-reboot, constituting a denial of ser
GHSA
GHSA-54v8-5r88-9g69: An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3
ghsa_unreviewed·2022-05-17
CVE-2017-6019 [HIGH] CWE-400 GHSA-54v8-5r88-9g69: An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
No detection rules found.
No writeups or analysis indexed.
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-052-01http://www.securityfocus.com/bid/96543https://ics-cert.us-cert.gov/advisories/ICSA-17-061-02https://www.exploit-db.com/exploits/41537/http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-052-01http://www.securityfocus.com/bid/96543https://ics-cert.us-cert.gov/advisories/ICSA-17-061-02https://www.exploit-db.com/exploits/41537/
2017-04-07
Published