PT-2017-3051 · Schneider Electric · Cisco Connected Grid Network Management System+1
Published: 2017-09-06 · Updated: 2019-10-09
CVE-2017-6780
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Connected Grid Network Management System versions prior to IoT-FND Release 4.0
IoT Field Network Director versions prior to IoT-FND Release 4.0
Description
A vulnerability in the TCP throttling process could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart. The cause is insufficient rate-limiting protection. An attacker could exploit this by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition that ends once the device has finished the restart process.
Recommendations
For Connected Grid Network Management System versions prior to IoT-FND Release 4.0, update to IoT-FND Release 4.0 or later to resolve the issue.
For IoT Field Network Director versions prior to IoT-FND Release 4.0, update to IoT-FND Release 4.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the open listening ports to minimize the risk of exploitation.
Fix
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Cisco Connected Grid Network Management System
IoT Field Network Director