CVE-2017-6017

Name: CVE-2017-6017
Creator: NVD / NIST
Published: 2017-06-30T03:29:00.233+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.77%

Last modified Jun 17, 2026

CVE-2017-6017 is a vulnerability of currently unknown severity. A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.. EPSS estimates a 4.77% chance of exploitation in the next 30 days.

Description

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

Metrics

EPSS Probability

4.77%

90.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Schneider-Electric	Bmxnoc0401 Firmware	2.8
Schneider-Electric	Bmxnoe0100 Firmware	2.8
Schneider-Electric	Bmxnoe0110 Firmware	2.8
Schneider-Electric	Bmxnoe0110h Firmware	2.8
Schneider-Electric	Bmxnor0200h Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp3420102cl Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp342020h Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp342030 Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp3420302h Firmware	2.8
Schneider-Electric	Modicon M340 Bmxp342030h Firmware	2.8

References

http://www.securityfocus.com/bid/96414Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03Mitigation, Third Party Advisory, US Government Resource
https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/
http://www.securityfocus.com/bid/96414Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03Mitigation, Third Party Advisory, US Government Resource
https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/

Timeline

Published: Jun 30, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-6017?

How severe is CVE-2017-6017?

Severity scoring for CVE-2017-6017 is pending analysis. The EPSS model estimates a 4.77% probability of exploitation in the next 30 days.

How do I fix CVE-2017-6017?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-6017?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST