Details of VAR-201805-1150

ID

VAR-201805-1150

CVE

CVE-2018-7522

TITLE

Schneider Electric Triconex Tricon MP model 3008 Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004889

DESCRIPTION

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states. Schneider Electric Triconex Tricon MP model 3008 Firmware contains buffer error vulnerabilities and authorization / privilege / access control vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Triconex Tricon 3008 is a network equipment product from Schneider Electric, France. There are unauthorized operating vulnerabilities in SchneiderElectricTriconexTricon. Schneider Electric Triconex Tricon 3008 MP is prone to multiple memory corruption vulnerabilities. An attacker can exploit these issues to execute arbitrary code within the context of the affected device. Failed exploit attempts may result in a denial-of-service condition. Triconex Tricon 3008 MP Firmware versions 10.0 through 10.4 are vulnerable

Trust: 2.61

sources: NVD: CVE-2018-7522 // JVNDB: JVNDB-2018-004889 // CNVD: CNVD-2018-08449 // BID: 103947 // IVD: e2ed3c9e-39ab-11e9-a0ec-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2ed3c9e-39ab-11e9-a0ec-000c29342cb1 // CNVD: CNVD-2018-08449

AFFECTED PRODUCTS

vendor:	schneider electric	model:	triconex tricon mp 3008	scope:	lte	version:	10.0-10.4	Trust: 1.0
vendor:	schneider electric	model:	triconex tricon mp 3008	scope:	gte	version:	10.0	Trust: 1.0
vendor:	schneider electric	model:	triconex tricon mp 3008	scope:	eq	version:	10.0 to 10.4	Trust: 0.8
vendor:	schneider	model:	electric triconex tricon mp model	scope:	eq	version:	300810.0-10.4	Trust: 0.6
vendor:	schneider electric	model:	triconex tricon mp	scope:	eq	version:	300810.4	Trust: 0.3
vendor:	schneider electric	model:	triconex tricon mp	scope:	eq	version:	300810.0	Trust: 0.3
vendor:	schneider electric	model:	triconex tricon mp	scope:	ne	version:	300811.2	Trust: 0.3
vendor:	triconex tricon mp 3008	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ed3c9e-39ab-11e9-a0ec-000c29342cb1 // CNVD: CNVD-2018-08449 // BID: 103947 // JVNDB: JVNDB-2018-004889 // NVD: CVE-2018-7522

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7522
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7522
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-08449
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-181
value:	MEDIUM
Trust: 0.6
IVD:	e2ed3c9e-39ab-11e9-a0ec-000c29342cb1
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2018-7522
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-08449
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ed3c9e-39ab-11e9-a0ec-000c29342cb1
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-7522
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2ed3c9e-39ab-11e9-a0ec-000c29342cb1 // CNVD: CNVD-2018-08449 // JVNDB: JVNDB-2018-004889 // CNNVD: CNNVD-201805-181 // NVD: CVE-2018-7522

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-004889 // NVD: CVE-2018-7522

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-181

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201805-181

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004889

PATCH

title:	SEVD-2017-347-01	url:	https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/	Trust: 0.8
title:	Patch for Schneider Electric Triconex Tricon Unauthorized Operational Vulnerability (CNVD-2018-08449)	url:	https://www.cnvd.org.cn/patchInfo/show/127469	Trust: 0.6
title:	Schneider Electric Triconex Tricon MP 3008 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79881	Trust: 0.6

sources: CNVD: CNVD-2018-08449 // JVNDB: JVNDB-2018-004889 // CNNVD: CNNVD-201805-181

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7522	Trust: 3.5
db:	ICS CERT	id:	ICSA-18-107-02	Trust: 3.3
db:	BID	id:	103947	Trust: 1.9
db:	SCHNEIDER	id:	SEVD-2017-347-01	Trust: 1.6
db:	CNVD	id:	CNVD-2018-08449	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-181	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004889	Trust: 0.8
db:	IVD	id:	E2ED3C9E-39AB-11E9-A0EC-000C29342CB1	Trust: 0.2

sources: IVD: e2ed3c9e-39ab-11e9-a0ec-000c29342cb1 // CNVD: CNVD-2018-08449 // BID: 103947 // JVNDB: JVNDB-2018-004889 // CNNVD: CNNVD-201805-181 // NVD: CVE-2018-7522

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-107-02	Trust: 3.3
url:	https://www.schneider-electric.com/en/download/document/sevd-2017-347-01/	Trust: 1.6
url:	http://www.securityfocus.com/bid/103947	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7522	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7522	Trust: 0.8
url:	www.controlmicrosystems.com	Trust: 0.3

sources: CNVD: CNVD-2018-08449 // BID: 103947 // JVNDB: JVNDB-2018-004889 // CNNVD: CNNVD-201805-181 // NVD: CVE-2018-7522

CREDITS

NCCIC and Schneider Electric

Trust: 0.3

sources: BID: 103947

SOURCES

db:	IVD	id:	e2ed3c9e-39ab-11e9-a0ec-000c29342cb1
db:	CNVD	id:	CNVD-2018-08449
db:	BID	id:	103947
db:	JVNDB	id:	JVNDB-2018-004889
db:	CNNVD	id:	CNNVD-201805-181
db:	NVD	id:	CVE-2018-7522

LAST UPDATE DATE

2024-11-23T22:38:12.325000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-08449	date:	2018-04-26T00:00:00
db:	BID	id:	103947	date:	2018-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-004889	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-181	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-7522	date:	2024-11-21T04:12:17.490

SOURCES RELEASE DATE

db:	IVD	id:	e2ed3c9e-39ab-11e9-a0ec-000c29342cb1	date:	2018-04-26T00:00:00
db:	CNVD	id:	CNVD-2018-08449	date:	2018-04-26T00:00:00
db:	BID	id:	103947	date:	2018-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-004889	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-181	date:	2018-05-07T00:00:00
db:	NVD	id:	CVE-2018-7522	date:	2018-05-04T17:29:00.393