CVE-2016-8374

Name of the Vulnerable Software and Affected Versions Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions Schneider Electric Magelis GTU Universal Panel, all versions Schneider Electric Magelis STO5xx and STU Small panels, all versions Schneider Electric Magelis XBT GH Advanced Hand-held Panels, all versions Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions Schneider Electric Magelis XBT GT Advanced Touchscreen Panels, all versions Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), all versions

Description An issue was discovered that allows an attacker to disrupt a targeted web server, resulting in a denial of service due to uncontrolled resource consumption. This can lead to the web server being unable to handle requests, causing a disruption in service.

Recommendations For Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, restrict access to the web server to minimize the risk of exploitation. For Schneider Electric Magelis GTU Universal Panel, all versions, consider disabling unnecessary services to reduce the attack surface. For Schneider Electric Magelis STO5xx and STU Small panels, all versions, limit the resources available to the web server to prevent uncontrolled resource consumption. For Schneider Electric Magelis XBT GH Advanced Hand-held Panels, all versions, avoid using the web server for critical operations until the issue is resolved. For Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, implement additional monitoring to detect potential denial of service attacks. For Schneider Electric Magelis XBT GT Advanced Touchscreen Panels, all versions, restrict access to the web server from unknown or untrusted sources. For Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), all versions, consider applying configuration changes to limit the web server's resource consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.