CVE-2018-8872
HIGH EXPLOITEDSchneider Electric Triconex Tricon MP <10.5 - Memory Corruption
Title source: llmExploitation Summary
CVE-2018-8872 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103947
Scores
CVSS v3
8.1
EPSS
0.0076
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2018-01-12
CWE
CWE-119
Status
published
Products (1)
schneider-electric/triconex_tricon_mp_3008_firmware
10.0 - 10.4
Published
May 04, 2018
Tracked Since
Feb 18, 2026