← back
CVE-2017-6017

CVE-2017-6017

EPSS 4.8%CWE-400
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 4.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Jun 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.
Affected products
n/a · Schneider Electric Modicon M340 PLC

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/http://www.securityfocus.com/bid/96414