SB2018041902 - Multiple vulnerabilities in Schneider Electric Triconex Tricon

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018041902

SB2018041902 - Multiple vulnerabilities in Schneider Electric Triconex Tricon

Published: April 19, 2018

Security Bulletin ID SB2018041902
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-8872)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when the system call reads directly from memory addresses within the control program area without any verification. A remote unauthenticated attacker can trigger memory corruption, copy any data within memory.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2018-7522)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to registers are stored to a fixed memory location when a system call is made. A local attacker can trigger memory corruption, modify the data in this location and gain supervisor-level access and control system states.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References