VYPR

Triconex Tricon MP

by Schneider Electric

CVEs (2)

  • CVE-2018-8872HigMay 4, 2018
    risk 0.53cvss 8.1epss 0.02

    In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

  • CVE-2018-7522MedMay 4, 2018
    risk 0.44cvss 6.7epss 0.00

    In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.