Foxboro.sys Out-of-Bounds Write Vulnerability Could Lead to Local Denial-of-Service or Kernel Memory Leak
CVE-2024-5679

7.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Foxboro Dcs Core Control Services
Vendor: CVE Published:; 11 July 2024

Summary

An out-of-bounds write vulnerability exists in the Foxboro.sys driver, allowing local users to exploit the flaw by crafting a malicious script or program that utilizes an IOCTL call. This exploitation can lead to local denial-of-service attacks or unintentional leakage of kernel memory. The vulnerability poses a significant risk, particularly in environments where the Foxboro.sys driver is deployed, as it permits unauthorized actions that can compromise system stability and security.

Affected Version(s)

EcoStruxure Foxboro DCS Core Control Services Versions 9.8 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Jun 6, 2024

Collectors

NVD DatabaseMitre Database