July 27, 2017
ICS-CERT has updated its advisory titled “Schneider Electric Magelis HMI Resource Consumption Vulnerabilities.” Schneider Electric has released a new version of Vijeo XD, Version 2.4.2, which does not integrate the web server feature containing the identified vulnerabilities. ICS-CERT.
November 22, 2016
ICS-CERT has updated its November 3 advisory on resource consumption vulnerabilities affecting Schneider Electric’s Magelis human-machine interface (HMI) products. Product versions prior to Version 6.2 Service Pack 2 require the user to reboot the affected device in order to regain operation. Schneider Electric advises users with products having Runtime versions prior to Version 6.2 Service Pack 2 to upgrade to the latest available version. Current versions of the Runtime do not require a reboot for the HMI to recover from attack. Schneider Electric has also provided interim mitigation steps. ICS-CERT.
November 3, 2016
ICS-CERT has posted an advisory on resource consumption vulnerabilities affecting Schneider Electric’s Magelis human-machine interface (HMI) products. Schneider Electric is planning to release new versions to mitigate these vulnerabilities. Detailed vulnerability information is publicly available that could be used to develop an exploit that targets these vulnerabilities. Successful exploitation of these vulnerabilities could result in a denial of service for the affected devices. The affected products are human-machine interfaces (HMIs). These products are deployed worldwide across several sectors. ICS-CERT.