Denial of service - CVE-2016-8374,CVE-2016-8367

 

Published: November 2, 2016


Vulnerability identifier: #VU1129
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8374,CVE-2016-8367
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote unauthenticated user to perform a DoS attack on the target system.
The weakness is due to improper handling of HTTP requests and an improperly implemented resource consumption management mechanism. By exploiting the PanelShock vulnerabilities, a remote attacker can “freeze” the panel, disconnect the HMI panel device from the SCADA network, and prevent the panel from communicating with PLCs.
Successful exploitation of the vulnerability results in denial of service.

How to mitigate CVE-2016-8374,CVE-2016-8367

Securitylab is currently unaware of any patches addressing the vulnerability.
