Schneider Electric EcoStruxure Foxboro DCS Core Control Services up to 9.8 Foxboro.sys array index
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Schneider Electric EcoStruxure Foxboro DCS Core Control Services up to 9.8. Affected by this issue is some unknown functionality in the library Foxboro.sys. The manipulation leads to array index. This vulnerability is documented as CVE-2024-5680. The attack needs to be performed locally. There is not any exploit available. It is recommended to apply a patch to fix this issue.
Details
A vulnerability was found in Schneider Electric EcoStruxure Foxboro DCS Core Control Services up to 9.8. It has been rated as problematic. This issue affects some unknown processing in the library Foxboro.sys. The manipulation with an unknown input leads to a array index vulnerability. Using CWE to declare the problem leads to CWE-129. The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
It is possible to read the advisory at download.schneider-electric.com. The identification of this vulnerability is CVE-2024-5680 since 06/06/2024. The exploitation is known to be easy. Attacking locally is a requirement. Technical details of the vulnerability are known, but there is no available exploit.
Applying a patch is able to eliminate this problem.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.0VulDB Meta Temp Score: 5.9
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CNA Base Score: 7.1
CNA Vector (schneider): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Array indexCWE: CWE-129 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
06/06/2024 🔍07/11/2024 🔍
07/11/2024 🔍
07/13/2024 🔍
Sources
Vendor: schneider-electric.comAdvisory: SEVD-2024-191-02
Status: Confirmed
CVE: CVE-2024-5680 (🔍)
GCVE (CVE): GCVE-0-2024-5680
GCVE (VulDB): GCVE-100-271151
Entry
Created: 07/11/2024 10:48Updated: 07/13/2024 04:20
Changes: 07/11/2024 10:48 (64), 07/11/2024 15:02 (1), 07/13/2024 04:20 (11)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.