CVE-2016-8352

critical

Published 2017-02-13 · Modified 2026-05-13

CVSS v3

10.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

10.0

Description

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.

Predictions

Exploit likelihood

98%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

http://www.securityfocus.com/bid/94062
https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01
http://www.securityfocus.com/bid/94062
https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.