Vulnerability Description
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Triconex Tricon Mp 3008 Firmware | >= 10.0, <= 10.4 |
| Schneider-Electric | Triconex Tricon Mp 3008 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103947Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02Third Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/Vendor Advisory
- http://www.securityfocus.com/bid/103947Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02Third Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/Vendor Advisory
FAQ
What is CVE-2018-8872?
CVE-2018-8872 is a vulnerability with a CVSS score of 8.1 (HIGH). In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating...
How severe is CVE-2018-8872?
CVE-2018-8872 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-8872?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Triconex Tricon Mp 3008 Firmware, Schneider-Electric Triconex Tricon Mp 3008.