PT-2017-13728 · Red Lion · Red Lion Hmi
Capitan Alfalo · Published 2017-12-30 · Updated 2019-10-03 · CVE-2017-14855
CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Red Lion HMI panels version HMI 2.41 PLC 2.42
Description
The issue allows remote attackers to cause a denial of service, resulting in a software exception. This can be achieved by sending an HTTP POST request to a long URI that does not exist.
Recommendations
For version HMI 2.41 PLC 2.42, consider restricting unknown or unverified HTTP POST requests to the device to prevent the denial of service. As a temporary workaround, limiting the length of URIs accepted in requests may help mitigate the risk of exploitation.
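To see whether oversized POST URIs are already reaching the panel, and to pick a length limit that does not break normal use, the access log of a proxy or gateway in front of it can be audited. The script below is an added example, not part of the advisory or of any Red Lion tooling; the log format, the `MAX_URI_LEN` value and the sample lines are assumptions.

```python
import re
from collections import Counter

# Assumption: the advisory gives no length threshold. Set this just above the
# longest URI the panel's web interface legitimately serves.
MAX_URI_LEN = 256

# Common/combined access-log layout (assumed proxy or web-gateway log format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}|-) '
)

def long_uri_posts(lines, max_uri_len=MAX_URI_LEN):
    """Return (src, timestamp, uri_length, status) for each POST over the limit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparseable line: skip rather than guess at fields
        if m["method"] == "POST" and len(m["uri"]) > max_uri_len:
            hits.append((m["src"], m["ts"], len(m["uri"]), m["status"]))
    return hits

def sources_by_count(hits):
    """Rank source addresses by number of oversized POSTs."""
    return Counter(src for src, *_ in hits).most_common()

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Oct/2019:10:00:01 +0000] "GET /index.htm HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Oct/2019:10:00:05 +0000] "POST /' + "x" * 600 + ' HTTP/1.1" 404 0',
    '192.0.2.10 - - [03/Oct/2019:10:00:09 +0000] "POST /login HTTP/1.1" 200 64',
    '203.0.113.5 - - [03/Oct/2019:10:00:12 +0000] "GET /' + "x" * 600 + ' HTTP/1.1" 404 0',
    '198.51.100.7 - - [03/Oct/2019:10:00:20 +0000] "POST /' + "y" * 300 + ' HTTP/1.1" 502 0',
]

if __name__ == "__main__":
    hits = long_uri_posts(SAMPLE_LOG)
    for src, ts, length, status in hits:
        print(f"{ts} {src} POST uri_len={length} status={status}")
    for src, count in sources_by_count(hits):
        print(f"{src}: {count} oversized POST(s)")
```

Running it against a period of known-good traffic with a low limit shows the longest legitimate URI, which is the figure to base the enforced limit on.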
Affected Products
Red Lion Hmi