CVE-2016-8367

MEDIUM

Schneider Electric - DoS

Title source: llm

Description

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.

Exploits (1)

nomisec WORKING POC 2 stars

by 0xICF · poc

https://github.com/0xICF/PanelShock

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94093

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02

Scores

CVSS v3 5.3

EPSS 0.1371

EPSS Percentile 94.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-400

Status published

Affected Products (9)

schneider-electric/magelis_gtu_universal_panel_firmware

schneider-electric/magelis_gto_advanced_optimum_panel_firmware

schneider-electric/magelis_sto5_small_panel_firmware

schneider-electric/magelis_stu_small_panel_firmware

schneider-electric/magelis_xbt_gh_advanced_hand-held_panel_firmware

schneider-electric/magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware

schneider-electric/magelis_xbt_gt_advanced_touchscreen_panel_firmware

schneider-electric/magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware

n/a/Schneider Electric Magelis HMI < Schneider Electric Magelis HMI

Timeline

Published Feb 13, 2017

Tracked Since Feb 18, 2026