Vulnerabilities > CVE-2018-7522 - Unspecified vulnerability in Schneider-Electric Triconex Tricon MP 3008 Firmware 10.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
References
- http://www.securityfocus.com/bid/103947
- http://www.securityfocus.com/bid/103947
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02
- https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/
- https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/