PatchSiren cyber security CVE debrief
CVE-2016-8367 Schneider Electric CVE debrief
CVE-2016-8367 describes a denial-of-service condition in several Schneider Electric Magelis panel firmware families. A remote attacker can open multiple connections to the targeted web server and leave them open, which can block new connections and make the web server unavailable for the duration of the attack. The CVE was published on 2017-02-13 and is rated CVSS 3.1 base score 5.3 (MEDIUM) in the supplied record.
- Vendor: Schneider Electric
- Product: CVE-2016-8367
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
OT/ICS operators, plant engineers, and asset owners using Schneider Electric Magelis HMI panels and their embedded web services, especially the listed Magelis GTO, GTU, STO5xx, STU, XBT GH, XBT GK, XBT GT, and XBT GTW Windows XPe product families.
Technical summary
The supplied NVD record maps the issue to CWE-400 (Uncontrolled Resource Consumption). The attack vector is network-based, requires no privileges and no user interaction, and has low complexity. The described effect is availability-only: by holding many web server connections open, an attacker can exhaust connection capacity and prevent legitimate clients from reaching the service. The vulnerable CPEs in the record are firmware entries for the listed Magelis panel families; the corresponding hardware CPEs are not marked vulnerable.
Defensive priority
Medium. The issue is a remotely reachable availability problem with no confidentiality or integrity impact in the supplied CVSS vector, but it can disrupt web access on affected HMI devices and should be addressed promptly in operational environments.
Recommended defensive actions
- Identify whether any Schneider Electric Magelis firmware in the listed families is deployed in your environment.
- Check vendor and ICS-CERT guidance for mitigation or firmware updates referenced in the record.
- Restrict network exposure to the device web server where feasible, especially from untrusted or broad network segments.
- Monitor for abnormal connection counts or repeated long-lived web sessions against the HMI web interface.
- Segment OT assets so a web-service disruption on one panel does not affect broader operations.
- Prioritize remediation on internet-reachable or cross-zone-exposed panels first.
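The monitoring item above (abnormal connection counts or repeated long-lived web sessions against the HMI web interface) can be turned into a simple check over a periodic connection-table snapshot. The script below is an added example, not part of the PatchSiren record or of any Schneider Electric tooling. It assumes the snapshot is exported as CSV lines of the form `timestamp,src_ip,src_port,dst_port,state,age_seconds` (for instance by a collector polling the panel's upstream firewall or a mirror of the device's connection table); the sample lines, the per-source threshold, the minimum age and the assumed slot capacity are all constructed for illustration and should be tuned to the real device.

```python
"""Flag sources holding many long-lived connections to an HMI web port.

Added example for the CVE-2016-8367 debrief; not vendor code. Input is an
assumed CSV connection snapshot: timestamp,src_ip,src_port,dst_port,state,age_seconds.
"""
import csv
from collections import Counter
from io import StringIO

# Constructed sample snapshot (not captured from a real device):
# 10.0.5.77 holds six idle ESTABLISHED connections to TCP/80 that are all
# several minutes old, while two engineering workstations have normal,
# short-lived sessions.
SAMPLE_SNAPSHOT = """\
2024-01-01T10:00:00Z,10.0.5.77,40001,80,ESTABLISHED,312
2024-01-01T10:00:00Z,10.0.5.77,40002,80,ESTABLISHED,305
2024-01-01T10:00:00Z,10.0.5.77,40003,80,ESTABLISHED,298
2024-01-01T10:00:00Z,10.0.5.77,40004,80,ESTABLISHED,290
2024-01-01T10:00:00Z,10.0.5.77,40005,80,ESTABLISHED,280
2024-01-01T10:00:00Z,10.0.5.77,40006,80,ESTABLISHED,275
2024-01-01T10:00:00Z,10.0.5.12,51000,80,ESTABLISHED,4
2024-01-01T10:00:00Z,10.0.5.12,51001,80,ESTABLISHED,15
2024-01-01T10:00:00Z,10.0.5.13,52000,80,ESTABLISHED,30
2024-01-01T10:00:00Z,10.0.5.13,51990,80,TIME_WAIT,3
"""

FIELDS = ["timestamp", "src_ip", "src_port", "dst_port", "state", "age_seconds"]
WEB_PORTS = {80, 443}          # HMI web interface ports (assumption)
ASSUMED_SLOT_CAPACITY = 16     # placeholder; real Magelis limit is not in the record


def parse_snapshot(text):
    """Parse CSV snapshot lines into dicts with integer ports and ages."""
    rows = []
    for rec in csv.DictReader(StringIO(text), fieldnames=FIELDS):
        if not rec["src_ip"]:
            continue  # skip blank or malformed lines rather than crash the poller
        rows.append({
            "timestamp": rec["timestamp"],
            "src_ip": rec["src_ip"],
            "src_port": int(rec["src_port"]),
            "dst_port": int(rec["dst_port"]),
            "state": rec["state"],
            "age_seconds": int(rec["age_seconds"]),
        })
    return rows


def flag_connection_hoarders(rows, max_per_source=5, min_age=60, ports=WEB_PORTS):
    """Return {src_ip: count} for sources whose number of established,
    long-lived connections to a web port exceeds max_per_source.

    Long-lived idle sessions are the signature described in the record:
    connections that are opened and simply left open.
    """
    counts = Counter()
    for r in rows:
        if (r["dst_port"] in ports
                and r["state"] == "ESTABLISHED"
                and r["age_seconds"] >= min_age):
            counts[r["src_ip"]] += 1
    return {ip: n for ip, n in counts.items() if n > max_per_source}


def pool_utilisation(rows, capacity=ASSUMED_SLOT_CAPACITY, ports=WEB_PORTS):
    """Fraction of the web server's connection slots currently ESTABLISHED.

    A high value with no hoarder flagged can still mean exhaustion from
    many sources, so both signals are worth alerting on.
    """
    open_conns = sum(1 for r in rows
                     if r["dst_port"] in ports and r["state"] == "ESTABLISHED")
    return open_conns / capacity


if __name__ == "__main__":
    snapshot = parse_snapshot(SAMPLE_SNAPSHOT)
    for ip, n in flag_connection_hoarders(snapshot).items():
        print(f"ALERT: {ip} holds {n} long-lived web connections")
    print(f"web connection slots in use: {pool_utilisation(snapshot):.0%}")
```

Run against a live snapshot, the first alert identifies the source to block at the upstream firewall, and the utilisation figure tells the operator how close the panel is to refusing new HMI sessions. Because the record scores the issue as availability-only, a rising utilisation trend with no matching operator activity is the earliest practical indicator.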
Evidence notes
Source corpus states: affected products include Magelis GTO Advanced Optimum Panels, Magelis GTU Universal Panel, Magelis STO5xx and STU Small panels, Magelis XBT GH Advanced Hand-held Panels, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, Magelis XBT GT Advanced Touchscreen Panels, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe), all versions. NVD CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, with CWE-400. Provided references include the CVE record, NVD detail, and advisory links from ICS-CERT/US-CERT and SecurityFocus.
Official resources
- CVE-2016-8367 CVE record (CVE.org)
- CVE-2016-8367 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Third Party Advisory, VDB Entry)
- Mitigation or vendor reference: [email protected] (Third Party Advisory, US Government Resource)
CVE published 2017-02-13. The supplied record was later modified by NVD on 2026-05-13. No KEV listing is present in the supplied data.