Vulnerability CVE-2018-7824
Published: 2019-05-22

Description:
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.

Type:

CWE-400

 (Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:C/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Complete
None
Affected software
Schneider-electric -> Driver suite 
Schneider-electric -> Modbus serial driver 

 References:
https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/
Copyright 2024, cxsecurity.com

 

Back to Top