CVE-2016-8367
First published: Mon Feb 13 2017(Updated: )
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Magelis Gtu Universal Panel Firmware | ||
| Schneider-electric Magelis Gtu Universal Panel Firmware | ||
| Schneider-electric Magelis Gto Advanced Optimum Panel | ||
| Schneider Electric Magelis XBT GT Advanced Touchscreen Panel | ||
| Schneider-electric Magelis Sto5 Small Panel | ||
| Schneider-electric Magelis Sto5 Small Panel Firmware | ||
| Schneider Electric Magelis Stu Small Panel Firmware | ||
| Schneider Electric Magelis Stu Small Panel Firmware | ||
| Schneider-electric Magelis Xbt Gh Advanced Hand-held Panel Firmware | ||
| Schneider-electric Magelis Xbt Gh Advanced Hand-held Panel Firmware | ||
| Schneider Electric Magelis XBT GK Advanced Touchscreen Panel With Keyboard Firmware | ||
| Schneider Electric Magelis XBT GK Advanced Touchscreen Panel With Keyboard | ||
| Schneider Electric Magelis XBT GT Advanced Touchscreen Panel | ||
| Schneider Electric Magelis XBT GT Advanced Touchscreen Panel | ||
| Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panel Firmware | ||
| Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panel Firmware | ||
| All of | ||
| Magelis Gtu Universal Panel Firmware | ||
| Schneider-electric Magelis Gtu Universal Panel Firmware | ||
| All of | ||
| Schneider-electric Magelis Gto Advanced Optimum Panel | ||
| Schneider Electric Magelis XBT GT Advanced Touchscreen Panel | ||
| All of | ||
| Schneider-electric Magelis Sto5 Small Panel | ||
| Schneider-electric Magelis Sto5 Small Panel Firmware | ||
| All of | ||
| Schneider Electric Magelis Stu Small Panel Firmware | ||
| Schneider Electric Magelis Stu Small Panel Firmware | ||
| All of | ||
| Schneider-electric Magelis Xbt Gh Advanced Hand-held Panel Firmware | ||
| Schneider-electric Magelis Xbt Gh Advanced Hand-held Panel Firmware | ||
| All of | ||
| Schneider Electric Magelis XBT GK Advanced Touchscreen Panel With Keyboard Firmware | ||
| Schneider Electric Magelis XBT GK Advanced Touchscreen Panel With Keyboard | ||
| All of | ||
| Schneider Electric Magelis XBT GT Advanced Touchscreen Panel | ||
| Schneider Electric Magelis XBT GT Advanced Touchscreen Panel | ||
| All of | ||
| Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panel Firmware | ||
| Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panel Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8367?
CVE-2016-8367 is rated as a high severity vulnerability affecting various Schneider Electric Magelis panel devices.
How do I fix CVE-2016-8367?
To fix CVE-2016-8367, update the affected Schneider Electric Magelis HMI panels to the latest firmware version provided by Schneider Electric.
What types of devices are affected by CVE-2016-8367?
CVE-2016-8367 affects several Schneider Electric devices including Magelis GTO, GTU, STO, STU, and XBT series panels.
What are the potential impacts of CVE-2016-8367?
If exploited, CVE-2016-8367 could allow unauthorized access to the Schneider Electric Magelis HMI systems, potentially leading to information disclosure or denial of service.
Is CVE-2016-8367 currently being exploited in the wild?
As of the latest updates, there have been no confirmed incidents of CVE-2016-8367 being actively exploited in the wild.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/schneider-electric
- canonical/magelis gtu universal panel firmware
- canonical/schneider-electric magelis gtu universal panel firmware
- canonical/schneider-electric magelis gto advanced optimum panel
- canonical/schneider electric magelis xbt gt advanced touchscreen panel
- canonical/schneider-electric magelis sto5 small panel
- canonical/schneider-electric magelis sto5 small panel firmware
- canonical/schneider electric magelis stu small panel firmware
- canonical/schneider-electric magelis xbt gh advanced hand-held panel firmware
- canonical/schneider electric magelis xbt gk advanced touchscreen panel with keyboard firmware
- canonical/schneider electric magelis xbt gk advanced touchscreen panel with keyboard
- canonical/schneider electric magelis xbt gtw advanced open touchscreen panel firmware