Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)
Act Now | 7.5 | ICS-CERT ICSA-16-308-02B | Aug 7, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric Magelis HMI panels contain a resource consumption vulnerability (CWE-400) that allows an attacker to send malicious network traffic without authentication, exhausting CPU and memory resources. This causes the HMI panel to become unresponsive, preventing operators from monitoring or controlling processes. All versions of the Magelis GTO, GTU, STO5xx, STU, XBT GH, XBT GK, XBT GT, and XBT GTW product lines are affected. No vendor patch is planned.
What this means
What could happen
An attacker can flood the HMI panel with network traffic, consuming CPU and memory resources until the display becomes unresponsive and operations cannot be monitored or controlled from the panel.
Who's at risk
Water utilities, electric utilities, manufacturing plants, and chemical facilities using Schneider Electric Magelis HMI panels for process monitoring and control. Any facility where HMI panel availability is critical to safe plant operations should prioritize mitigation.
How it could be exploited
An attacker sends excessive network packets to the HMI panel with no authentication required. The panel lacks rate limiting or resource protection, allowing the attacker to exhaust CPU and memory, causing the human-machine interface to freeze or crash and preventing operators from seeing process status or issuing commands.
Prerequisites
- Network reachability to the HMI panel (typically Ethernet on port 502 or proprietary industrial protocols)
- No credentials or authentication required
Tags: remotely exploitable, no authentication required, low complexity, high EPSS score (13.7%), no patch available, affects safety systems
Exploitability
High exploit probability (EPSS 13.7%)
Affected products (7)
7 EOL
Product | Affected Versions | Fix Status
Magelis GTO Advanced Optimum Panels: vers:all/* | All versions | No fix (EOL)
Magelis GTU Universal Panel: vers:all/* | All versions | No fix (EOL)
Magelis STO5xx and STU Small panels: vers:all/* | All versions | No fix (EOL)
Magelis XBT GH Advanced Hand-held Panels: vers:all/* | All versions | No fix (EOL)
Magelis XBT GK Advanced Touchscreen Panels with Keyboard: vers:all/* | All versions | No fix (EOL)
Magelis XBT GT Advanced Touchscreen Panels: vers:all/* | All versions | No fix (EOL)
Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe): vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation to restrict HMI panel access to authorized engineering workstations and control systems only; use industrial firewalls or managed switches to block untrusted traffic
- WORKAROUND: Deploy rate limiting and packet filtering at the network boundary to reject flood traffic before it reaches the HMI panel
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor HMI panel CPU and memory utilization; set up alerts for anomalous resource consumption patterns
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Magelis GTO Advanced Optimum Panels: vers:all/*, Magelis GTU Universal Panel: vers:all/*, Magelis STO5xx and STU Small panels: vers:all/*, Magelis XBT GH Advanced Hand-held Panels: vers:all/*, Magelis XBT GK Advanced Touchscreen Panels with Keyboard: vers:all/*, Magelis XBT GT Advanced Touchscreen Panels: vers:all/*, Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe): vers:all/*. Apply the following compensating controls:
- HARDENING: Ensure HMI panels are isolated on a dedicated industrial control network segment with no direct internet or untrusted LAN access
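
Whether the segmentation and rate-limiting controls listed above are holding can be checked against packet records exported from a boundary firewall or switch. The following is an added example, not part of the advisory or of any vendor tooling: it flags sources outside an allowlist and sources that exceed a per-window packet budget toward an HMI panel. The addresses, window length, packet budget and record format are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed values for illustration; none of them come from the advisory.
HMI_PANELS = {"10.20.0.10"}                      # panels being protected
AUTHORIZED_SOURCES = {"10.10.1.5", "10.10.1.6"}  # engineering workstations
WINDOW_MS = 1000                                 # sliding window length
MAX_PACKETS_PER_WINDOW = 200                     # per-source packet budget


def audit_hmi_traffic(records, window_ms=WINDOW_MS, limit=MAX_PACKETS_PER_WINDOW):
    """Audit (timestamp_ms, src_ip, dst_ip) packet records sorted by time.

    Returns {"unauthorized": {(src, dst), ...},
             "flood": {(src, dst): peak packets seen in one window}}.
    """
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    unauthorized, flood = set(), {}
    for ts, src, dst in records:
        if dst not in HMI_PANELS:
            continue
        key = (src, dst)
        if src not in AUTHORIZED_SOURCES:
            unauthorized.add(key)           # segmentation gap: should be blocked
        window = recent[key]
        window.append(ts)
        while ts - window[0] >= window_ms:  # expire packets older than the window
            window.popleft()
        if len(window) > limit:             # budget exceeded: flood candidate
            flood[key] = max(flood.get(key, 0), len(window))
    return {"unauthorized": unauthorized, "flood": flood}


def sample_records():
    """Constructed traffic: normal polling, one high-rate source, one stray host."""
    records = [(i * 100, "10.10.1.5", "10.20.0.10") for i in range(50)]
    records += [(2000 + i, "10.30.7.99", "10.20.0.10") for i in range(2000)]
    records += [(1000, "10.30.7.12", "10.20.0.10")]
    records += [(500, "10.30.7.99", "10.20.0.50")]   # not an HMI panel, ignored
    return sorted(records)


if __name__ == "__main__":
    report = audit_hmi_traffic(sample_records())
    for pair in sorted(report["unauthorized"]):
        print("not on allowlist:", pair)
    for pair, peak in sorted(report["flood"].items()):
        print("over budget:", pair, "peak packets per window:", peak)
```

Any pair reported as not on the allowlist indicates a path the firewall or switch rules should already have blocked; the packet budget should be set from the panel's observed normal polling rate.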
CVEs (2)