DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2024-5680

High

Low Medium High Critical

7.1

CVSS Score

Published: Jul 11, 2024

Last Modified: Nov 21, 2024

CWE: CWE-129

Vulnerability Description

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL
call in the Foxboro.sys driver.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

1 configuration(s) from 1 vendor(s)

ecostruxure_foxboro_dcs_control_core_services

Version:

9.8

CPE:

cpe:2.3:a:schneider-electric:ecostruxure_foxboro_dcs_control_core_services:9.8:*:*:*:*:*:*:*

This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

7.1

out of 10.0

High

Weakness Type (CWE)

CWE-129

Improper Validation of Array Index

Description: The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant