CVE-2017-6017
HIGHSchneider Electric Modicon M340 PLC - Resource Exhaustion via Crafted Packet Sequence
Title source: llmDescription
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96414
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03
Scores
CVSS v3
7.5
EPSS
0.0517
EPSS Percentile
90.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (16)
n/a/Schneider Electric Modicon M340 PLC
Schneider Electric Modicon M340 PLC
schneider-electric/bmxnoc0401_firmware
2.8
schneider-electric/bmxnoe0100_firmware
2.8
schneider-electric/bmxnoe0110_firmware
2.8
schneider-electric/bmxnoe0110h_firmware
2.8
schneider-electric/bmxnor0200h_firmware
2.8
schneider-electric/modicon_m340_bmxp341000_firmware
2.8
schneider-electric/modicon_m340_bmxp342000_firmware
2.8
schneider-electric/modicon_m340_bmxp3420102_firmware
2.8
schneider-electric/modicon_m340_bmxp3420102cl_firmware
2.8
... and 6 more
Published
Jun 30, 2017
Tracked Since
Feb 18, 2026