What the vulnerability does

01Description

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

Key dates

02Disclosure timeline

May 4, 2018 CVE published
September 16, 2024 Record updated