CVE-2016-8352 - Vulnerability Details - OpenCVE

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Connexium Firmware Tcsefec23f3f20 Tcsefec23f3f21 Tcsefec23fcf20 Tcsefec23fcf21 Tcsefec2cf3f20

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:connexium_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:tcsefec23f3f20:-:::::::*
	cpe:2.3:h:schneider-electric:tcsefec23f3f21:-:::::::*
	cpe:2.3:h:schneider-electric:tcsefec23fcf20:-:::::::*
	cpe:2.3:h:schneider-electric:tcsefec23fcf21:-:::::::*
	cpe:2.3:h:schneider-electric:tcsefec2cf3f20:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94062
https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-02-13T21:00:00

Updated: 2024-08-06T02:20:31.055Z

Reserved: 2016-09-28T00:00:00

Link: CVE-2016-8352

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-02-13T21:59:00.767

Modified: 2024-11-21T02:59:12.287

Link: CVE-2016-8352

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Schneider Electric ConneXium TCSEFEC2*", "vendor": "n/a", "versions": [{"status": "affected", "version": "Schneider Electric ConneXium TCSEFEC2*"}]}], "datePublic": "2017-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code."}], "problemTypes": [{"descriptions": [{"description": "Schneider Electric ConneXium Buffer Overflow Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-14T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "94062", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94062"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-8352", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Schneider Electric ConneXium TCSEFEC2*", "version": {"version_data": [{"version_value": "Schneider Electric ConneXium TCSEFEC2*"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Schneider Electric ConneXium Buffer Overflow Vulnerability"}]}]}, "references": {"reference_data": [{"name": "94062", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94062"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:20:31.055Z"}, "title": "CVE Program Container", "references": [{"name": "94062", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94062"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-8352", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2016-09-28T00:00:00", "dateUpdated": "2024-08-06T02:20:31.055Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:connexium_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0393FFB-DB2B-4C4E-95F2-CA1211467964", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tcsefec23f3f20:-:*:*:*:*:*:*:*", "matchCriteriaId": "98AE5D38-8266-4E4A-B52F-9CBEB022DD74", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:tcsefec23f3f21:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E89FA24-0128-4DF4-BFFF-0FD2C8E0386F", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:tcsefec23fcf20:-:*:*:*:*:*:*:*", "matchCriteriaId": "7920453C-8B00-4E88-AB28-F051CEC2D0BA", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:tcsefec23fcf21:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE3371CC-A330-4777-887A-2ED11FE1A039", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:tcsefec2cf3f20:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BFDA3E0-E594-413D-98CB-5409FDBE60E4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code."}, {"lang": "es", "value": "Ha sido descubierto un problema en los cortafuegos Schneider Electric ConneXium TCSEFEC23F3F20 todas las versiones, TCSEFEC23F3F21 todas las versiones, TCSEFEC23FCF20 todas las versiones, TCSEFEC23FCF21 todas las versiones, y TCSEFEC2CF3F20 todas las versiones. Un desbordamiento de b\u00fafer basado en pila puede ser desencadenado durante el proceso de autenticaci\u00f3n de inicio de sesi\u00f3n SNMP que puede permitir a un atacante ejecutar c\u00f3digo remotamente."}], "id": "CVE-2016-8352", "lastModified": "2024-11-21T02:59:12.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-13T21:59:00.767", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94062"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}