Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Triconex Tricon by Schneider Electric
CVE-2018-8872 (GCVE-0-2018-8872)
Vulnerability from nvd – Published: 2018-05-04 17:00 – Updated: 2024-09-16 16:32
VLAI
Summary
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.
Severity
No CVSS data available.
CWE
- CWE-119 - Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/103947 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Triconex Tricon |
Affected:
MP model 3008 firmware versions 10.0-10.4
|
Date Public
2018-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Triconex Tricon",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "MP model 3008 firmware versions 10.0-10.4"
}
]
}
],
"datePublic": "2018-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-05T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-17T00:00:00",
"ID": "CVE-2018-8872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Triconex Tricon",
"version": {
"version_data": [
{
"version_value": "MP model 3008 firmware versions 10.0-10.4"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8872",
"datePublished": "2018-05-04T17:00:00.000Z",
"dateReserved": "2018-03-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:32:36.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7522 (GCVE-0-2018-7522)
Vulnerability from nvd – Published: 2018-05-04 17:00 – Updated: 2024-09-17 00:02
VLAI
Summary
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.
Severity
No CVSS data available.
CWE
- CWE-119 - Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/103947 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Triconex Tricon |
Affected:
MP model 3008 firmware versions 10.0-10.4
|
Date Public
2018-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Triconex Tricon",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "MP model 3008 firmware versions 10.0-10.4"
}
]
}
],
"datePublic": "2018-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-05T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-17T00:00:00",
"ID": "CVE-2018-7522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Triconex Tricon",
"version": {
"version_data": [
{
"version_value": "MP model 3008 firmware versions 10.0-10.4"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7522",
"datePublished": "2018-05-04T17:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:02:25.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8872 (GCVE-0-2018-8872)
Vulnerability from cvelistv5 – Published: 2018-05-04 17:00 – Updated: 2024-09-16 16:32
VLAI
Summary
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.
Severity
No CVSS data available.
CWE
- CWE-119 - Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/103947 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Triconex Tricon |
Affected:
MP model 3008 firmware versions 10.0-10.4
|
Date Public
2018-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Triconex Tricon",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "MP model 3008 firmware versions 10.0-10.4"
}
]
}
],
"datePublic": "2018-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-05T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-17T00:00:00",
"ID": "CVE-2018-8872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Triconex Tricon",
"version": {
"version_data": [
{
"version_value": "MP model 3008 firmware versions 10.0-10.4"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8872",
"datePublished": "2018-05-04T17:00:00.000Z",
"dateReserved": "2018-03-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:32:36.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7522 (GCVE-0-2018-7522)
Vulnerability from cvelistv5 – Published: 2018-05-04 17:00 – Updated: 2024-09-17 00:02
VLAI
Summary
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.
Severity
No CVSS data available.
CWE
- CWE-119 - Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/103947 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Triconex Tricon |
Affected:
MP model 3008 firmware versions 10.0-10.4
|
Date Public
2018-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Triconex Tricon",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "MP model 3008 firmware versions 10.0-10.4"
}
]
}
],
"datePublic": "2018-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-05T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-17T00:00:00",
"ID": "CVE-2018-7522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Triconex Tricon",
"version": {
"version_data": [
{
"version_value": "MP model 3008 firmware versions 10.0-10.4"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02"
},
{
"name": "103947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7522",
"datePublished": "2018-05-04T17:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:02:25.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}