CVE-2024-5680

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
Configurations

Configuration 1 (hide)

cpe:2.3:a:schneider-electric:ecostruxure_foxboro_dcs_control_core_services:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 7.1
References () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-02.pdf - Vendor Advisory () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-02.pdf - Vendor Advisory

12 Jul 2024, 16:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.1
v2 : unknown
v3 : 5.5
First Time Schneider-electric ecostruxure Foxboro Dcs Control Core Services
Schneider-electric
CPE cpe:2.3:a:schneider-electric:ecostruxure_foxboro_dcs_control_core_services:*:*:*:*:*:*:*:*
References () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-02.pdf - () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-02.pdf - Vendor Advisory

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) CWE-129: Existe una vulnerabilidad de validación inadecuada del índice de matriz que podría causar denegación de servicio local cuando un actor malicioso con acceso de usuario local crea un script/programa usando una llamada IOCTL en el controlador Foxboro.sys.

11 Jul 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-11 09:15

Updated : 2024-11-21 09:48


NVD link : CVE-2024-5680

Mitre link : CVE-2024-5680

CVE.ORG link : CVE-2024-5680


JSON object : View

Products Affected

schneider-electric

  • ecostruxure_foxboro_dcs_control_core_services
CWE
CWE-129

Improper Validation of Array Index