CVE-2018-8872 Information

Description

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4 system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/103947 https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02 https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1