CVE-2016-8367

MEDIUM

Schneider Electric Magelis HMI - Denial of Service via Connection Exhaustion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-8367. PoCs published by 0xICF.

AI-analyzed exploit summary This repository contains a Python-based exploit for CVE-2016-8367, targeting a DoS vulnerability in MagelisVCT v1.0.1. The exploit uses chunked HTTP requests to overwhelm the target system, with configurable parameters for thread count, chunk size, and intervals.

Description

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.

Exploits (1)

nomisec WORKING POC 2 stars

by 0xICF · poc

https://github.com/0xICF/PanelShock

View Code ZIP pw:eip

This repository contains a Python-based exploit for CVE-2016-8367, targeting a DoS vulnerability in MagelisVCT v1.0.1. The exploit uses chunked HTTP requests to overwhelm the target system, with configurable parameters for thread count, chunk size, and intervals.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: MagelisVCT v1.0.1

No auth needed

Prerequisites: Network access to the target system · Python environment with required libraries

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94093

Scores

CVSS v3 5.3

EPSS 0.1371

EPSS Percentile 94.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-400

Status published

Products (9)

n/a/Schneider Electric Magelis HMI Schneider Electric Magelis HMI

schneider-electric/magelis_gto_advanced_optimum_panel_firmware

schneider-electric/magelis_gtu_universal_panel_firmware

schneider-electric/magelis_sto5_small_panel_firmware

schneider-electric/magelis_stu_small_panel_firmware

schneider-electric/magelis_xbt_gh_advanced_hand-held_panel_firmware

schneider-electric/magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware

schneider-electric/magelis_xbt_gt_advanced_touchscreen_panel_firmware

schneider-electric/magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware

Published Feb 13, 2017

Tracked Since Feb 18, 2026