PT-2018-2177 · Schneider Electric · Guicon

Published

2018-12-04

Updated

2019-02-08

CVE-2018-7815

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Eurotherm by Schneider Electric GUIcon version V2.0 (Gold Build 683.0)

Description The issue is related to a type confusion error in the 3core.dll library of the GUIcon software, which can be exploited by a remote attacker to execute code during the parsing of a GD1 file. This type of error is classified as a Type Confusion vulnerability.

Recommendations For Eurotherm by Schneider Electric GUIcon version V2.0 (Gold Build 683.0), consider restricting access to the c3core.dll library until a patch is available, and avoid parsing untrusted GD1 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Type Confusion

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-704

Related Identifiers

BDU:2019-00130

CVE-2018-7815

ZDI-18-1410

Affected Products

Guicon

PT-2018-2177 · Schneider Electric · Guicon

CVE-2018-7815

Weakness Enumeration

Related Identifiers

Affected Products

References · 8