Foxboro.sys Driver Vulnerable to Local Denial-of-Service Attacks

CVE-2024-5680

5.5MEDIUM

Key Information

Vendor: Schneider Electric
Status: Ecostruxure Foxboro Dcs Core Control Services
Vendor: CVE Published:; 11 July 2024

Summary

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

Affected Version(s)

EcoStruxure Foxboro DCS Core Control Services = Versions 9.8 and prior

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 11, 2024
Vulnerability Reserved.
Jun 6, 2024

Collectors

NVD DatabaseMitre Database