CVE-2018-7803

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-22 21:29

Updated : 2023-12-10 12:59

NVD link : CVE-2018-7803

Mitre link : CVE-2018-7803

CVE.ORG link : CVE-2018-7803

JSON object : View

Products Affected

schneider-electric

triconex_tristation_emulator

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2018-7803", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-05-22T21:29:00.277", "references": [{"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."}, {"lang": "es", "value": "Una CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada para condiciones inusuales o excepcionales en Triconex TriStation Emulator V1.2.0, que podr\u00eda hacer que el emulador se bloquee al enviar un paquete creado especialmente. El emulador se utiliza con poca frecuencia para pruebas l\u00f3gica de aplicaci\u00f3n. Es susceptible a un ataque solo mientras se ejecuta en modo Off-Line. Esta vulnerabilidad no existe en los productos de hardware de Triconex y por lo tanto no tiene efectos en las funciones de seguridad operativa en una planta."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB9CF5BE-97F7-4585-B9DF-B42D5EFE914D"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}