PT-2017-9641 · Schneider Electric+1 · Magelis Gtu Universal Panel+6
Eran Goldstein · Published 2017-02-13 · Updated 2022-02-02 · CVE-2016-8367
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions
Schneider Electric Magelis GTU Universal Panel, all versions
Schneider Electric Magelis STO5xx and STU Small panels, all versions
Schneider Electric Magelis XBT GH Advanced Hand-held Panels, all versions
Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions
Schneider Electric Magelis XBT GT Advanced Touchscreen Panels, all versions
Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), all versions
Description
An issue was discovered in the mentioned Schneider Electric products. An attacker can open multiple connections to a targeted web server and keep connections open, preventing new connections from being made, rendering the web server unavailable during an attack.
Recommendations
For Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, consider restricting access to the web server to minimize the risk of exploitation.
For Schneider Electric Magelis GTU Universal Panel, consider implementing connection limits to prevent abuse.
For Schneider Electric Magelis STO5xx and STU Small panels, consider disabling unnecessary web server features until a fix is available.
For Schneider Electric Magelis XBT GH Advanced Hand-held Panels, restrict access to the web server to authorized personnel only.
For Schneider Electric Magelis XBT GK Advanced Touchscreen Panels with Keyboard, consider implementing a connection timeout to prevent prolonged connections.
For Schneider Electric Magelis XBT GT Advanced Touchscreen Panels, avoid using the web server for critical operations until the issue is resolved.
For Schneider Electric Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), consider applying configuration changes to limit web server connections.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
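Until a fix exists, the condition in the description (one source opening several connections and holding them open) can be watched for from the network side. The following is an added example, not vendor or advisory code: it assumes a firewall or proxy in front of the panel logs connection open/close events in the constructed format shown, and the function name and thresholds are hypothetical.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: open/close events for the panel's web port, as a
# firewall or proxy in front of the HMI might log them (format is assumed).
SAMPLE_LOG = """\
2017-02-13T10:00:00 OPEN 192.0.2.10:40001
2017-02-13T10:00:02 CLOSE 192.0.2.10:40001
2017-02-13T10:00:05 OPEN 198.51.100.7:50001
2017-02-13T10:00:06 OPEN 198.51.100.7:50002
2017-02-13T10:00:07 OPEN 198.51.100.7:50003
2017-02-13T10:00:08 OPEN 198.51.100.7:50004
2017-02-13T10:00:30 OPEN 192.0.2.10:40002
2017-02-13T10:00:31 CLOSE 192.0.2.10:40002
2017-02-13T10:02:00 OPEN 192.0.2.11:40100
2017-02-13T10:02:10 CLOSE 198.51.100.7:50001
"""


def find_connection_hoarders(log_text, max_held=3, min_age_s=60):
    """Return {source_ip: time_first_flagged} for sources that hold more than
    max_held connections which have each been open for at least min_age_s."""
    open_since = defaultdict(dict)  # source ip -> {source port: open time}
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, action, peer = line.split()
        ts = datetime.fromisoformat(ts_text)
        ip, port = peer.rsplit(":", 1)
        if action == "OPEN":
            open_since[ip][port] = ts
        elif action == "CLOSE":
            open_since[ip].pop(port, None)
        # Each event is a checkpoint: re-check every source at this timestamp,
        # because held connections age even when their owner logs nothing new.
        for src, conns in open_since.items():
            aged = [t for t in conns.values()
                    if (ts - t).total_seconds() >= min_age_s]
            if len(aged) > max_held and src not in flagged:
                flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, when in find_connection_hoarders(SAMPLE_LOG).items():
        print(f"{src} holding long-lived connections since {when.isoformat()}")
```

Short request/response clients (192.0.2.10 in the sample) never accumulate aged connections, so only the source that keeps its sockets open is reported.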
Exploit
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Magelis Gto Advanced Optimum Panels
Magelis Gtu Universal Panel
Magelis Sto5Xx/Stu Small Panels
Magelis Xbt Gh Advanced Hand-Held Panels
Magelis Xbt Gk Advanced Touchscreen Panels With Keyboard
Magelis Xbt Gt Advanced Touchscreen Panels
Windows Xp