CVE-2018-7803

{"id": "CVE-2018-7803", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-05-22T21:29:00.277", "references": [{"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."}, {"lang": "es", "value": "Una CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada para condiciones inusuales o excepcionales en Triconex TriStation Emulator V1.2.0, que podr\u00eda hacer que el emulador se bloquee al enviar un paquete creado especialmente. El emulador se utiliza con poca frecuencia para pruebas l\u00f3gica de aplicaci\u00f3n. Es susceptible a un ataque solo mientras se ejecuta en modo Off-Line. Esta vulnerabilidad no existe en los productos de hardware de Triconex y por lo tanto no tiene efectos en las funciones de seguridad operativa en una planta."}], "lastModified": "2024-11-21T04:12:45.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB9CF5BE-97F7-4585-B9DF-B42D5EFE914D"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}