Vulnerabilities > CVE-2018-7522 - Unspecified vulnerability in Schneider-Electric Triconex Tricon MP 3008 Firmware 10.0

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

schneider-electric

NVD

Published: 2018-05-04

Updated: 2019-10-09

Summary

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Triconex Tricon MP 3008 Firmware 10.0	1
Hardware	Schneider-Electric Schneider Electric Triconex Tricon MP 3008 -	1

References

https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02
http://www.securityfocus.com/bid/103947