Test Kennung:	1.3.6.1.4.1.25623.1.0.106630
Kategorie:	Denial of Service
Titel:	Schneider Electric Modicon Devices DoS Vulnerability (SEVD-2017-048-02)
Zusammenfassung:	Schneider Electric Modicon devices are prone to a denial of; service (DoS) vulnerability.
Beschreibung:	Summary: Schneider Electric Modicon devices are prone to a denial of service (DoS) vulnerability. Vulnerability Insight: During communication between the operator and PLC using function code 0x5A of Modbus, it is possible to send a specially crafted set of packets to the PLC and cause it to freeze, requiring the operator to physically press the reset button of the PLC in order to recover. Vulnerability Impact: Successful exploitation of this vulnerability may render the device unresponsive requiring a physical reset of the PLC. Affected Software/OS: Schneider Electric devices: - Modicon M580 CPU (part numbers BMEP* and BMEH*) prior to version 2.30 - Modicon M340 CPU (part numbers BMXP34*) prior to version 2.90 - Modicon Quantum CPU (part numbers 140CPU65* and 140CPU67*) prior to version 3.52 - Modicon Premium CPUs (part numbers TSXP57*) prior to version 3.22 Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6017 BugTraq ID: 96414 http://www.securityfocus.com/bid/96414 https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03
Copyright	Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.