Foxboro.sys Driver Vulnerable to Local Denial-of-Service Attacks
CVE-2024-5680

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Foxboro Dcs Core Control Services
Vendor: CVE Published:; 11 July 2024

Summary

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

Affected Version(s)

EcoStruxure Foxboro DCS Core Control Services Versions 9.8 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Jun 6, 2024

Collectors

NVD DatabaseMitre Database