VAR-201611-0407
Vulnerability from variot - Updated: 2022-05-17 02:0740NOE77101 is an Ethernet communication module for Schneider's Quantum series PLC.
The Schneider 140NOE77101 Ethernet module's TCP / IP protocol stack has a Land attack vulnerability. As the program sends a TCP SYN packet with the same source and destination IP (both the IP address of the 140NOE7710 module) to the 140NOE7710 module at a rate greater than 15kpps, the attacker can use The vulnerability can cause the module protocol stack to crash and the system to become unresponsive. The module needs to be powered off and restarted to return to normal
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0407",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric 140noe77101 modular system",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "6.7"
},
{
"model": "electric 140noe77101 module system",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "6.7"
}
],
"sources": [
{
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
},
{
"db": "CNVD",
"id": "CNVD-2016-11364"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2016-11364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
},
{
"db": "CNVD",
"id": "CNVD-2016-11364"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "40NOE77101 is an Ethernet communication module for Schneider\u0027s Quantum series PLC. \n\nThe Schneider 140NOE77101 Ethernet module\u0027s TCP / IP protocol stack has a Land attack vulnerability. As the program sends a TCP SYN packet with the same source and destination IP (both the IP address of the 140NOE7710 module) to the 140NOE7710 module at a rate greater than 15kpps, the attacker can use The vulnerability can cause the module protocol stack to crash and the system to become unresponsive. The module needs to be powered off and restarted to return to normal",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11364"
},
{
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11364",
"trust": 0.8
},
{
"db": "IVD",
"id": "0124FB21-6081-4D83-A7AB-E6AA76455173",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
},
{
"db": "CNVD",
"id": "CNVD-2016-11364"
}
]
},
"id": "VAR-201611-0407",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
},
{
"db": "CNVD",
"id": "CNVD-2016-11364"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
},
{
"db": "CNVD",
"id": "CNVD-2016-11364"
}
]
},
"last_update_date": "2022-05-17T02:07:06.685000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
},
{
"db": "CNVD",
"id": "CNVD-2016-11364"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
},
{
"date": "2016-12-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11364"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11364"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider 140NOE77101 Ethernet Module Has Land Attack Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11364"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "0124fb21-6081-4d83-a7ab-e6aa76455173"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…