Vulnerability Description
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modbus Serial Driver | <= 3.17 |
| Microsoft | Windows | - |
| Schneider-Electric | Driver Suite | <= 14.12 |
Related Weaknesses (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/PatchVendor Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/PatchVendor Advisory
FAQ
What is CVE-2018-7824?
CVE-2018-7824 is a vulnerability with a CVSS score of 4.9 (MEDIUM). An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE...
How severe is CVE-2018-7824?
CVE-2018-7824 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7824?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modbus Serial Driver, Microsoft Windows, Schneider-Electric Driver Suite.