PT-2017-4345 · Schneider Electric · Triconex Tricon Mp 3008

Published: 2017-12-13 · Updated: 2019-10-09 · CVE-2018-8872

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Schneider Electric Triconex Tricon MP 3008 firmware versions 10.0 through 10.4
Description: The issue is related to a buffer overflow in memory, which could allow a remote attacker to gain unauthorized access to protected information. In the affected firmware versions, system calls read directly from memory addresses within the control program area without verification, potentially allowing an attacker to manipulate data and copy it anywhere within memory.
Recommendations: For firmware versions 10.0 through 10.4, consider restricting access to the control program area to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2024-07899
CVE-2018-8872

Affected Products

Triconex Tricon Mp 3008