DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2024-5679

High

Low Medium High Critical

7.1

CVSS Score

Published: Jul 11, 2024

Last Modified: Nov 21, 2024

CWE: CWE-787

Vulnerability Description

CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or
kernel memory leak when a malicious actor with local user access crafts a script/program using
an IOCTL call in the Foxboro.sys driver.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

1 configuration(s) from 1 vendor(s)

ecostruxure_foxboro_dcs_control_core_services

Version:

9.8

CPE:

cpe:2.3:a:schneider-electric:ecostruxure_foxboro_dcs_control_core_services:9.8:*:*:*:*:*:*:*

This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

7.1

out of 10.0

High

Weakness Type (CWE)

CWE-787 Top 25 #2

Out-of-bounds Write

Description: The product writes data past the end, or before the beginning, of the intended buffer.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Base