Test ID:	1.3.6.1.4.1.25623.1.0.106630
Category:	Denial of Service
Title:	Schneider Electric Modicon Devices DoS Vulnerability (SEVD-2017-048-02)
Summary:	Schneider Electric Modicon devices are prone to a denial of; service (DoS) vulnerability.
Description:	Summary: Schneider Electric Modicon devices are prone to a denial of service (DoS) vulnerability. Vulnerability Insight: During communication between the operator and PLC using function code 0x5A of Modbus, it is possible to send a specially crafted set of packets to the PLC and cause it to freeze, requiring the operator to physically press the reset button of the PLC in order to recover. Vulnerability Impact: Successful exploitation of this vulnerability may render the device unresponsive requiring a physical reset of the PLC. Affected Software/OS: Schneider Electric devices: - Modicon M580 CPU (part numbers BMEP* and BMEH*) prior to version 2.30 - Modicon M340 CPU (part numbers BMXP34*) prior to version 2.90 - Modicon Quantum CPU (part numbers 140CPU65* and 140CPU67*) prior to version 3.52 - Modicon Premium CPUs (part numbers TSXP57*) prior to version 3.22 Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6017 BugTraq ID: 96414 http://www.securityfocus.com/bid/96414 https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.