PatchSiren cyber security CVE debrief
CVE-2016-8352 Schneider Electric CVE debrief
CVE-2016-8352 is a critical Schneider Electric ConneXium firewall vulnerability published on 2017-02-13. According to the official record, a stack-based buffer overflow in the SNMP login authentication process can allow remote code execution. The NVD entry rates the issue CVSS 10.0 with network attack vector, no privileges required, no user interaction, and high impact to confidentiality, integrity, and availability.
- Vendor: Schneider Electric
- Product: CVE-2016-8352
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
Security teams responsible for Schneider Electric ConneXium firewalls, especially the affected TCSEFEC23F3F20, TCSEFEC23F3F21, TCSEFEC23FCF20, TCSEFEC23FCF21, and TCSEFEC2CF3F20 device families, should treat this as urgent. It is most relevant where SNMP is enabled or management interfaces are reachable from untrusted networks.
Technical summary
The reported flaw is a stack-based buffer overflow triggered during SNMP login authentication. The NVD record classifies the weakness as CWE-119 and lists the attack vector as network-based with low complexity. Because the issue can be reached during authentication and is rated as scope-changing with high confidentiality, integrity, and availability impact, the concern is remote code execution on affected ConneXium firewall firmware and related device models.
Defensive priority
Immediate. This is a critical remote code execution risk on network-facing industrial firewall equipment. Prioritize any affected devices that expose SNMP or management services, or that sit in sensitive OT/ICS environments.
Recommended defensive actions
- Review the official CVE and NVD records and the linked ICS-CERT advisory for vendor guidance.
- Identify all Schneider Electric ConneXium devices matching the affected models and confirm whether they run vulnerable firmware.
- Restrict SNMP and management access to trusted administrative networks only, with tight allowlisting and segmentation.
- If vendor remediation is available through the linked advisory, apply it as soon as operationally feasible.
- Monitor affected environments for unusual SNMP authentication activity, unexpected service behavior, or signs of device compromise.
- If immediate patching is not possible, reduce exposure by disabling unnecessary SNMP access and isolating the devices from broader network reach.
Evidence notes
This debrief is based on the official CVE/NVD record and the cited ICS-CERT advisory references included in the source corpus. Supported facts include the affected Schneider Electric ConneXium device models, the SNMP authentication buffer overflow, CWE-119 classification, and the CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. No exploit details or unsupported remediation claims are included.
Official resources
- CVE-2016-8352 CVE record (CVE.org)
- CVE-2016-8352 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Third Party Advisory, US Government Resource
The CVE was published on 2017-02-13. The source record was later modified on 2026-05-13, which should be treated as metadata update timing rather than original issue disclosure.