Schneider-Electric: >> Ecostruxure Foxboro Dcs Control Core Services >> 9.8 Security Vulnerabilities
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service,
privilege escalation, and potentially kernel execution when a malicious actor with local user
access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-07-11
CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or
kernel memory leak when a malicious actor with local user access crafts a script/program using
an IOCTL call in the Foxboro.sys driver.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-07-11
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL
call in the Foxboro.sys driver.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-07-11