Vulnerability Details CVE-2018-7824
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.6%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 6.8
References
Products affected by CVE-2018-7824
-
cpe:2.3:a:schneider-electric:driver_suite:14.12
-
cpe:2.3:a:schneider-electric:modbus_serial_driver:-
-
cpe:2.3:a:schneider-electric:modbus_serial_driver:1.10
-
cpe:2.3:a:schneider-electric:modbus_serial_driver:1.8
-
cpe:2.3:a:schneider-electric:modbus_serial_driver:2.17
-
cpe:2.3:a:schneider-electric:modbus_serial_driver:2.2
-
cpe:2.3:a:schneider-electric:modbus_serial_driver:2.20_ie_30
-
cpe:2.3:a:schneider-electric:modbus_serial_driver:3.17
-
cpe:2.3:a:schneider-electric:modbus_serial_driver:3.2
-
cpe:2.3:o:microsoft:windows:-