CVE-2018-7824

Description

An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.

References

Link	Tags
https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/	patch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2018-7824?: CVE-2018-7824 has been scored as a medium severity vulnerability.
How to fix CVE-2018-7824?: To fix CVE-2018-7824, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-7824 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2018-7824 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-7824?: CVE-2018-7824 affects Schneider Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior).

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-610 – Externally Controlled Reference to a Resource in Another Sphere

References

Frequently Asked Questions