CVE-2018-8872 Vulnerability Details

  /     /     /  

CVE-2018-8872 Metadata Quick Info

CVE Published: 04/05/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: icscert | Vendor: Schneider Electric | Product: Triconex Tricon
Status : PUBLISHED

---

CVE-2018-8872 Description

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-119
CWE Name: Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119
Source: Schneider Electric

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).