CVE-2018-8872

Summary

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricTriconex TriconMP model 3008 firmware versions 10.0-10.4affected

Weaknesses

  • CWE-119: Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119

ADP Enrichment

CVE Program Container

Additional References

References