Description
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01
Various Sources x_refsource_misc
https://security.cse.iitk.ac.in/responsible-disclosure
Scores
CVSS v3
6.5
EPSS
0.0034
EPSS Percentile
57.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (9)
schneider-electric/hmigto_firmware
schneider-electric/hmigtu_firmware
schneider-electric/hmigxo_firmware
schneider-electric/hmigxu_firmware
schneider-electric/hmiscu_firmware
schneider-electric/hmisto_firmware
schneider-electric/hmistu_firmware
schneider-electric/xbtgh_firmware
schneider-electric/xbtgt_firmware
Published
Sep 17, 2019
Tracked Since
Feb 18, 2026