Eran Goldstein

**Name of the Vulnerable Software and Affected Versions** Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions Schneider Electric Magelis GTU Universal Panel, all versions Schneider Electric Magelis STO5xx and STU Small panels, all versions Schneider Electric Magelis XBT GH Advanced Hand-held Panels, all versions Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions Schneider Electric Magelis XBT GT Advanced Touchscreen Panels, all versions Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), all versions **Description** An issue was discovered in the mentioned Schneider Electric products. An attacker can open multiple connections to a targeted web server and keep connections open, preventing new connections from being made, rendering the web server unavailable during an attack. **Recommendations** For Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, consider restricting access to the web server to minimize the risk of exploitation. For Schneider Electric Magelis GTU Universal Panel, consider implementing connection limits to prevent abuse. For Schneider Electric Magelis STO5xx and STU Small panels, consider disabling unnecessary web server features until a fix is available. For Schneider Electric Magelis XBT GH Advanced Hand-held Panels, restrict access to the web server to authorized personnel only. For Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard, consider implementing a connection timeout to prevent prolonged connections. For Schneider Electric Magelis XBT GT Advanced Touchscreen Panels, avoid using the web server for critical operations until the issue is resolved. For Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), consider applying configuration changes to limit web server connections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions Schneider Electric Magelis GTU Universal Panel, all versions Schneider Electric Magelis STO5xx and STU Small panels, all versions Schneider Electric Magelis XBT GH Advanced Hand-held Panels, all versions Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions Schneider Electric Magelis XBT GT Advanced Touchscreen Panels, all versions Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), all versions **Description** An issue was discovered that allows an attacker to disrupt a targeted web server, resulting in a denial of service due to uncontrolled resource consumption. This can lead to the web server being unable to handle requests, causing a disruption in service. **Recommendations** For Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, restrict access to the web server to minimize the risk of exploitation. For Schneider Electric Magelis GTU Universal Panel, all versions, consider disabling unnecessary services to reduce the attack surface. For Schneider Electric Magelis STO5xx and STU Small panels, all versions, limit the resources available to the web server to prevent uncontrolled resource consumption. For Schneider Electric Magelis XBT GH Advanced Hand-held Panels, all versions, avoid using the web server for critical operations until the issue is resolved. For Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, implement additional monitoring to detect potential denial of service attacks. For Schneider Electric Magelis XBT GT Advanced Touchscreen Panels, all versions, restrict access to the web server from unknown or untrusted sources. For Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), all versions, consider applying configuration changes to limit the web server's resource consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.