PT-2017-16834 · Schneider Electric · Modicon M340 Plc
Published
2017-06-30
·
Updated
2024-04-10
·
CVE-2017-6017
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Schneider Electric Modicon M340 PLC versions BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H
Description
A Resource Exhaustion issue allows a remote attacker to send specially crafted packets to the PLC, causing it to freeze. The operator must physically press the reset button on the PLC to recover.
Recommendations
For Schneider Electric Modicon M340 PLC versions BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H, at the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Modicon M340 Plc