Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-8374 (GCVE-0-2016-8374)
Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:20- Schneider Electric Magelis HMI Resource Consumption
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/94093 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Schneider Electric Magelis HMI |
Affected:
Schneider Electric Magelis HMI
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
},
{
"name": "94093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric Magelis HMI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Magelis HMI"
}
]
}
],
"datePublic": "2017-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Schneider Electric Magelis HMI Resource Consumption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
},
{
"name": "94093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Magelis HMI",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Magelis HMI"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Schneider Electric Magelis HMI Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
},
{
"name": "94093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-8374",
"datePublished": "2017-02-13T21:00:00.000Z",
"dateReserved": "2016-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:20:30.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-8374",
"date": "2026-07-16",
"epss": "0.02162",
"percentile": "0.80171"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-8374\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-02-13T21:59:01.283\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.\"},{\"lang\":\"es\",\"value\":\"Ha sido descubierto un problema en Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, todas las versiones, Magelis GTU Universal Panel, todas las versiones, Magelis STO5xx and STU Small panels, todas las versiones, Magelis XBT GH Advanced Hand-held Panels, todas las versiones, Magelis XBT GK Advanced Touchscreen Panels con Keyboard, todas las versiones, Magelis XBT GT Advanced Touchscreen Panels, todas las versiones y Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). Un atacante puede ser capaz de interrumpir un servidor web objetivo, causando una denegaci\u00f3n de servicio por UNCONTROLLED RESOURCE CONSUMPTION.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67686731-11C6-4A70-86EA-C20D4A5E00C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_gtu_universal_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9338C7D9-7F38-4B34-BDB0-95563240A189\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"453B800A-F3A0-4B22-961E-67F2EBAB292D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_gto_advanced_optimum_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDCA8937-DC4C-41C1-A1CC-BF4DA36C942D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E0BA1A0-E0B9-46A0-86C4-4C82A2EFCFC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_sto5_small_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FFCC32-67D5-4120-8BA8-C56C860CFEE4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF991F7-68D1-489A-BEDF-468F38E8B481\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_stu_small_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88823BB1-E5A0-4835-943F-C13EEA51F77A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50F7724E-7DBF-499B-BCD1-A02B86478555\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"126EDAD4-D08C-42B0-A621-596FCA27CF80\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B73A3B3-686C-4F64-A398-C4E810A36FF7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B98FB31-BF55-48EA-A284-627C431090CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F17071-598B-4361-8AA4-E60DC1CF02AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92DF2AF4-045C-4E8E-AF10-A3BC0C824419\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"229C5A41-9D33-4224-9AD8-E4C683DDD7FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"735F7A66-E882-431B-B8C9-046289A20DF0\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94093\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/94093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
厂商尚未提供漏洞修补方案,请关注厂商主页及时更新: http://www.schneider-electric.com/
| Name | ['Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe)', 'Schneider Electric Magelis XBT GT Advanced Touchscreen Panels All', 'Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard All', 'Schneider Electric Magelis XBT GH Advanced hand-held Panel All', 'Schneider Electric Magelis STO & STU Small panels All', 'Schneider Electric Magelis GTU Universal panel All', 'Schneider Electric Magelis GTO Advanced Optimum panels All'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-8374"
}
},
"description": "Schneider Electric Magelis HMI Magelis GTO Advanced Optimum panels\u7b49\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684HMI\u4eba\u673a\u9762\u677f\u7cfb\u5217\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eSchneider Electric\u4ea7\u54c1\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u7834\u574f\u76ee\u6807web\u670d\u52a1\u5668\uff0c\u5bfc\u81f4\u670d\u52a1\u5668\u62d2\u7edd\u670d\u52a1\uff0c\u8bbe\u5907\u91cd\u542f\u3002",
"discovererName": "Eran Goldstein",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttp://www.schneider-electric.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-10624",
"openTime": "2016-11-04",
"products": {
"product": [
"Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe)",
"Schneider Electric Magelis XBT GT Advanced Touchscreen Panels All",
"Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard All",
"Schneider Electric Magelis XBT GH Advanced hand-held Panel All",
"Schneider Electric Magelis STO \u0026 STU Small panels All",
"Schneider Electric Magelis GTU Universal panel All",
"Schneider Electric Magelis GTO Advanced Optimum panels All"
]
},
"referenceLink": "http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-302-01\r\nhttp://www.critifence.com/sve/sve.php?id=82003202",
"serverity": "\u9ad8",
"submitTime": "2016-11-03",
"title": "\u591a\u6b3eSchneider Electric\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
FKIE_CVE-2016-8374
Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2026-06-17 00:54| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/94093 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94093 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02 | Third Party Advisory, US Government Resource |
{
"affected": [
{
"affectedData": [
{
"product": "Schneider Electric Magelis HMI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Magelis HMI"
}
]
}
],
"source": "ics-cert@hq.dhs.gov"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67686731-11C6-4A70-86EA-C20D4A5E00C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:magelis_gtu_universal_panel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9338C7D9-7F38-4B34-BDB0-95563240A189",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "453B800A-F3A0-4B22-961E-67F2EBAB292D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:magelis_gto_advanced_optimum_panel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDCA8937-DC4C-41C1-A1CC-BF4DA36C942D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0BA1A0-E0B9-46A0-86C4-4C82A2EFCFC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:magelis_sto5_small_panel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FFCC32-67D5-4120-8BA8-C56C860CFEE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF991F7-68D1-489A-BEDF-468F38E8B481",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:magelis_stu_small_panel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88823BB1-E5A0-4835-943F-C13EEA51F77A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F7724E-7DBF-499B-BCD1-A02B86478555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "126EDAD4-D08C-42B0-A621-596FCA27CF80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B73A3B3-686C-4F64-A398-C4E810A36FF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B98FB31-BF55-48EA-A284-627C431090CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48F17071-598B-4361-8AA4-E60DC1CF02AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DF2AF4-045C-4E8E-AF10-A3BC0C824419",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "229C5A41-9D33-4224-9AD8-E4C683DDD7FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "735F7A66-E882-431B-B8C9-046289A20DF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION."
},
{
"lang": "es",
"value": "Ha sido descubierto un problema en Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, todas las versiones, Magelis GTU Universal Panel, todas las versiones, Magelis STO5xx and STU Small panels, todas las versiones, Magelis XBT GH Advanced Hand-held Panels, todas las versiones, Magelis XBT GK Advanced Touchscreen Panels con Keyboard, todas las versiones, Magelis XBT GT Advanced Touchscreen Panels, todas las versiones y Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). Un atacante puede ser capaz de interrumpir un servidor web objetivo, causando una denegaci\u00f3n de servicio por UNCONTROLLED RESOURCE CONSUMPTION."
}
],
"id": "CVE-2016-8374",
"lastModified": "2026-06-17T00:54:14.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T21:59:01.283",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94093"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XJRM-79VQ-7XRV
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.
{
"affected": [],
"aliases": [
"CVE-2016-8374"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-13T21:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.",
"id": "GHSA-xjrm-79vq-7xrv",
"modified": "2022-05-13T01:04:06Z",
"published": "2022-05-13T01:04:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8374"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94093"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-8374
Vulnerability from gsd - Updated: 2023-12-13 01:21{
"GSD": {
"alias": "CVE-2016-8374",
"description": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.",
"id": "GSD-2016-8374"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-8374"
],
"details": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.",
"id": "GSD-2016-8374",
"modified": "2023-12-13T01:21:22.280917Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Magelis HMI",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Magelis HMI"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Schneider Electric Magelis HMI Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
},
{
"name": "94093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94093"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:magelis_gtu_universal_panel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:magelis_gto_advanced_optimum_panel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:magelis_sto5_small_panel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:magelis_stu_small_panel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8374"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02"
},
{
"name": "94093",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94093"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-02-02T02:06Z",
"publishedDate": "2017-02-13T21:59Z"
}
}
}
ICSA-16-308-02B
Vulnerability from csaf_cisa - Published: 2016-08-07 06:00 - Updated: 2025-06-05 22:01| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Magelis GTO Advanced Optimum Panels: vers:all/*
Schneider Electric / Magelis GTO Advanced Optimum Panels
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis GTU Universal Panel: vers:all/*
Schneider Electric / Magelis GTU Universal Panel
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis STO5xx and STU Small panels: vers:all/*
Schneider Electric / Magelis STO5xx and STU Small panels
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis XBT GH Advanced Hand-held Panels: vers:all/*
Schneider Electric / Magelis XBT GH Advanced Hand-held Panels
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard: vers:all/*
Schneider Electric / Magelis XBT GK Advanced Touchscreen Panels with Keyboard
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis XBT GT Advanced Touchscreen Panels: vers:all/*
Schneider Electric / Magelis XBT GT Advanced Touchscreen Panels
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe): vers:all/*
Schneider Electric / Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe)
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Schneider Electric Magelis GTO Advanced Optimum Panels: vers:all/*
Schneider Electric / Magelis GTO Advanced Optimum Panels
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis GTU Universal Panel: vers:all/*
Schneider Electric / Magelis GTU Universal Panel
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis STO5xx and STU Small panels: vers:all/*
Schneider Electric / Magelis STO5xx and STU Small panels
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis XBT GH Advanced Hand-held Panels: vers:all/*
Schneider Electric / Magelis XBT GH Advanced Hand-held Panels
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard: vers:all/*
Schneider Electric / Magelis XBT GK Advanced Touchscreen Panels with Keyboard
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis XBT GT Advanced Touchscreen Panels: vers:all/*
Schneider Electric / Magelis XBT GT Advanced Touchscreen Panels
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe): vers:all/*
Schneider Electric / Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe)
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-16-308-02B JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2016/icsa-16-308-02b.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-16-308-02B - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-308-02b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)",
"tracking": {
"current_release_date": "2025-06-05T22:01:37.316376Z",
"generator": {
"date": "2025-06-05T22:01:37.316260Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-16-308-02B",
"initial_release_date": "2016-08-07T06:00:00.000000Z",
"revision_history": [
{
"date": "2016-08-07T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2025-06-05T22:01:37.316376Z",
"legacy_version": "CSAF Conversion",
"number": "2",
"summary": "Advisory converted into a CSAF"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Magelis GTO Advanced Optimum Panels: vers:all/*",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Magelis GTO Advanced Optimum Panels"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Magelis GTU Universal Panel: vers:all/*",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Magelis GTU Universal Panel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Magelis STO5xx and STU Small panels: vers:all/*",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Magelis STO5xx and STU Small panels"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Magelis XBT GH Advanced Hand-held Panels: vers:all/*",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Magelis XBT GH Advanced Hand-held Panels"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard: vers:all/*",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Magelis XBT GK Advanced Touchscreen Panels with Keyboard"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Magelis XBT GT Advanced Touchscreen Panels: vers:all/*",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Magelis XBT GT Advanced Touchscreen Panels"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe): vers:all/*",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe)"
}
],
"category": "vendor",
"name": "Schneider Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8367",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Schneider Electric has released a new version of Vijeo XD, Version 2.4.2, which does not integrate the web server feature containing the identified vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Vijeo XD, Version 2.4.2, is available at the following location: (http://www.schneider-electric.com/en/download/range/62621-Vijeo%20XD/?docTypeGroup=3541958-Software%2FFirmware)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "http://www.schneider-electric.com/en/download/range/62621-Vijeo%20XD/?docTypeGroup=3541958-Software%2FFirmware"
},
{
"category": "mitigation",
"details": "Schneider Electric states that users who need the web server feature should instead apply the following measures to minimize potential exposure: Schneider Electric advises users with products having Runtime versions prior to Version 6.2 Service Pack 2 to upgrade to the latest available version. Current versions of the Runtime do not require a reboot for the HMI to recover from attack. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. Minimize potential attack surface by leaving the Web Gate Server set to its default disabled state if it is not needed. Place control system networks and devices behind firewalls, and isolate them from the business network. Limit traffic on the local network with managed switches. Where possible, avoid Wi-Fi capabilities",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption). Do not grant access to unknown computers. When remote access is essential, use secure methods, such as Virtual Private Networks (VPNs)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "and ensure the remote access solution(s), as well as the remote computer(s), are kept up-to-date with the latest security patches.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For further information on vulnerabilities or interim mitigations, please see Schneider Electric\u2019s Security Notification - Magelis HMI, at the following location: (http://www.schneider-electric.com/en/download/document/SEVD-2016-302-01/)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2016-302-01/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2016-8374",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Schneider Electric has released a new version of Vijeo XD, Version 2.4.2, which does not integrate the web server feature containing the identified vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Vijeo XD, Version 2.4.2, is available at the following location: (http://www.schneider-electric.com/en/download/range/62621-Vijeo%20XD/?docTypeGroup=3541958-Software%2FFirmware)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "http://www.schneider-electric.com/en/download/range/62621-Vijeo%20XD/?docTypeGroup=3541958-Software%2FFirmware"
},
{
"category": "mitigation",
"details": "Schneider Electric states that users who need the web server feature should instead apply the following measures to minimize potential exposure: Schneider Electric advises users with products having Runtime versions prior to Version 6.2 Service Pack 2 to upgrade to the latest available version. Current versions of the Runtime do not require a reboot for the HMI to recover from attack. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. Minimize potential attack surface by leaving the Web Gate Server set to its default disabled state if it is not needed. Place control system networks and devices behind firewalls, and isolate them from the business network. Limit traffic on the local network with managed switches. Where possible, avoid Wi-Fi capabilities",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption). Do not grant access to unknown computers. When remote access is essential, use secure methods, such as Virtual Private Networks (VPNs)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "and ensure the remote access solution(s), as well as the remote computer(s), are kept up-to-date with the latest security patches.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For further information on vulnerabilities or interim mitigations, please see Schneider Electric\u2019s Security Notification - Magelis HMI, at the following location: (http://www.schneider-electric.com/en/download/document/SEVD-2016-302-01/)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2016-302-01/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
}
]
}
VAR-201702-0079
Vulnerability from variot - Updated: 2025-04-20 23:23An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION. A denial of service vulnerability exists in several Schneider Electric products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "magelis gtu universal panel",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis xbt gh advanced hand-held panel",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis xbt gk advanced touchscreen panel with keyboard",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis gto advanced optimum panel",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis sto5 small panel",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis xbt gt advanced touchscreen panel",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis xbt gtw advanced open touchscreen panel",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis stu small panel",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis gto advanced optimum panels",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis sto5xx small panels",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis stu small panels",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis xbt gh advanced hand-held panels",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis xbt gk advanced touchscreen panels with keyboard",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis xbt gt advanced touchscreen panels",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "magelis xbt gtw advanced open touchscreen panels",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric magelis xbt gtw advanced open touchscreen panels",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric magelis xbt gt advanced touchscreen panels all",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric magelis xbt gk advanced touchscreen panels with keyboard all",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric magelis xbt gh advanced hand-held panel all",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric magelis sto \u0026 stu small panels all",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric magelis gtu universal panel all",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric magelis gto advanced optimum panels all",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "magelis xbt gtw",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "magelis xbt gk",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "magelis xbt gh",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "magelis xbt gt",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "magelis stu",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "magelis sto",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "magelis gtu",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "magelis gto",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "magelis gtu universal panel",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "magelis gto advanced optimum panel",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "magelis sto5 small panel",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "magelis stu small panel",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "magelis xbt gh advanced hand held panel",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "magelis xbt gk advanced touchscreen panel with keyboard",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "magelis xbt gt advanced touchscreen panel",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "magelis xbt gtw advanced open touchscreen panel",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687"
},
{
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"db": "BID",
"id": "94093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-909"
},
{
"db": "NVD",
"id": "CVE-2016-8374"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:magelis_gto_advanced_optimum_panel_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:magelis_gtu_universal_panel_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:magelis_sto5_small_panel_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:magelis_stu_small_panel_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:magelis_xbt_gh_advanced_hand-held_panel_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eran Goldstein, in collaboration with Check Point Software Technologies and CRITIFENCE.",
"sources": [
{
"db": "BID",
"id": "94093"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8374",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8374",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-10624",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-97194",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8374",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8374",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8374",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8374",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10624",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-909",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97194",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687"
},
{
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"db": "VULHUB",
"id": "VHN-97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-909"
},
{
"db": "NVD",
"id": "CVE-2016-8374"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION. A denial of service vulnerability exists in several Schneider Electric products",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8374"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"db": "BID",
"id": "94093"
},
{
"db": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687"
},
{
"db": "VULHUB",
"id": "VHN-97194"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8374",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-308-02",
"trust": 2.8
},
{
"db": "BID",
"id": "94093",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201610-909",
"trust": 0.9
},
{
"db": "SCHNEIDER",
"id": "SEVD-2016-302-01",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-10624",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007995",
"trust": 0.8
},
{
"db": "IVD",
"id": "2EC2201D-FB45-4B8C-BDF4-B90BCB51B687",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-92511",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97194",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687"
},
{
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"db": "VULHUB",
"id": "VHN-97194"
},
{
"db": "BID",
"id": "94093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-909"
},
{
"db": "NVD",
"id": "CVE-2016-8374"
}
]
},
"id": "VAR-201702-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687"
},
{
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"db": "VULHUB",
"id": "VHN-97194"
}
],
"trust": 1.7125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687"
},
{
"db": "CNVD",
"id": "CNVD-2016-10624"
}
]
},
"last_update_date": "2025-04-20T23:23:53.284000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Magelis HMI",
"trust": 0.8,
"url": "http://www.schneider-electric.com/b2b/en/products/product-launch/magelis-hmi/"
},
{
"title": "Multiple Schneider Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180273"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-909"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"db": "NVD",
"id": "CVE-2016-8374"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-308-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94093"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8374"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8374"
},
{
"trust": 0.6,
"url": "http://www.schneider-electric.com/ww/en/download/document/sevd-2016-302-01"
},
{
"trust": 0.6,
"url": "http://www.critifence.com/sve/sve.php?id=82003202"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/download/document/sevd-2016-302-01/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"db": "VULHUB",
"id": "VHN-97194"
},
{
"db": "BID",
"id": "94093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-909"
},
{
"db": "NVD",
"id": "CVE-2016-8374"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687"
},
{
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"db": "VULHUB",
"id": "VHN-97194"
},
{
"db": "BID",
"id": "94093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-909"
},
{
"db": "NVD",
"id": "CVE-2016-8374"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-04T00:00:00",
"db": "IVD",
"id": "2ec2201d-fb45-4b8c-bdf4-b90bcb51b687"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97194"
},
{
"date": "2016-11-03T00:00:00",
"db": "BID",
"id": "94093"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"date": "2016-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-909"
},
{
"date": "2017-02-13T21:59:01.283000",
"db": "NVD",
"id": "CVE-2016-8374"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10624"
},
{
"date": "2017-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-97194"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94093"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007995"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-909"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8374"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-909"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Magelis Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-909"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.