CVE-2018-8872

8.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Triconex Tricon
Vendor: CVE Published:; 4 May 2018

Summary

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

Affected Version(s)

Triconex Tricon MP model 3008 firmware versions 10.0-10.4

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_CONFIRM

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02

x_refsource_MISC

http://www.securityfocus.com/bid/103947

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 4, 2018
Vulnerability Reserved
Mar 20, 2018

.