CVE-2017-6017 - OpenCVE

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Bmxnoc0401 Bmxnoc0401 Firmware Bmxnoe0100 Bmxnoe0100 Firmware Bmxnoe0110 Bmxnoe0110 Firmware Bmxnoe0110h Bmxnoe0110h Firmware Bmxnor0200h Bmxnor0200h Firmware Modicon M340 Bmxp341000 Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102cl Modicon M340 Bmxp3420102cl Firmware Modicon M340 Bmxp342020 Modicon M340 Bmxp342020 Firmware Modicon M340 Bmxp342020h Modicon M340 Bmxp342020h Firmware Modicon M340 Bmxp342030 Modicon M340 Bmxp3420302 Modicon M340 Bmxp3420302 Firmware Modicon M340 Bmxp3420302h Modicon M340 Bmxp3420302h Firmware Modicon M340 Bmxp342030 Firmware Modicon M340 Bmxp342030h Modicon M340 Bmxp342030h Firmware

Configuration 1 [-]

AND

cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:2.8:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.8:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:2.8:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:schneider-electric:bmxnoe0110h:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:bmxnoe0110h_firmware:2.8:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:2.8:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:2.8:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:2.8:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:2.8:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:2.8:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:2.8:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:2.8:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:2.8:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:2.8:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:2.8:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:2.8:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96414
https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03
https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-06-30T02:35:00

Updated: 2024-08-05T15:18:49.611Z

Reserved: 2017-02-16T00:00:00

Link: CVE-2017-6017

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-06-30T03:29:00.233

Modified: 2024-04-10T12:28:45.957

Link: CVE-2017-6017

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object