In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

Related CVEs

CVE-2018-8872

Key Information

GHSA ID

GHSA-ggm5-5h63-2mvr

Published

May 13, 2022 1:31 AM

Last Modified

May 13, 2022 1:31 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.