Detections
Analytics
Schneider Electric ConneXium Firewalls Buffer Overflow
critical Nessus Network Monitor Plugin ID 720088
Synopsis
An issue was discovered in Schneider Electric ConneXium firewalls that leads to a stack-based buffer overflow.Description
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
http://www.securityfocus.com/bid/94062,https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01
Plugin Details
Severity: Critical
ID: 720088
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 11/1/2016
Vulnerability Publication Date: 11/1/2016
Reference Information
CVE: CVE-2016-8352
BID: 94062