CVE-2018-8872

EUVD-2018-20480
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
schneider-electrictriconex_tricon_mp_3008_firmware
10.0 ≤
𝑥
≤ 10.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103947
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02
https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/
http://www.securityfocus.com/bid/103947
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02
https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/