PatchSiren cyber security CVE debrief

CVE-2024-10106 Schneider Electric CVE debrief

CVE-2024-10106 is a low-severity availability issue in Schneider Electric Wiser Zigbee products. The advisory says a CWE-120 buffer overflow can cause denial of service if a malicious device joins the network. The published CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) indicates network reachability, no privileges, and limited availability impact, with no confidentiality or integrity impact identified in the supplied sources.

Vendor: Schneider Electric
Product: Wiser iTRV2
CVSS: LOW 3.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-01-27
Advisory published: 2026-01-13
Advisory updated: 2026-01-27

Who should care

Organizations and households that use Schneider Electric Wiser Zigbee products, especially administrators, installers, and anyone responsible for device pairing or network access controls on Wiser iTRV2 and the related affected product family.

Technical summary

The supplied CSAF advisory for Schneider Electric identifies a buffer overflow in the Zigbee product line, with CVE-2024-10106 specifically mapped to Wiser iTRV2. The issue can lead to denial of service when a malicious device joins the network. CISA’s republished advisory and the Schneider Electric notice recommend limiting device-join access, reviewing hub pairing settings, opening the network only when pairing new devices, and using install codes and unique keys instead of the well-known default key.

Defensive priority

Low to Moderate

Recommended defensive actions

  • Restrict Zigbee device joining so unknown devices cannot pair with the network.
  • Review hub settings to confirm how device pairing is managed and who can authorize joins.
  • Only open the network when adding devices, then close it immediately afterward.
  • Use install codes and replace default or well-known keys with unique, secure keys.
  • Follow Schneider Electric notice SEVD-2026-013-03 and CISA advisory ICSA-26-027-03 for product-specific guidance across the affected Wiser device set.

Evidence notes

Supported by the CISA CSAF advisory ICSA-26-027-03 and the Schneider Electric SEVD-2026-013-03 references. The source text explicitly states a CWE-120 buffer overflow that can cause denial of service when a malicious device joins the network. The supplied CVSS vector indicates network exposure, high attack complexity, no privileges, no user interaction, and low availability impact only. CISA’s revision history shows an initial release on 2026-01-13 and a republication on 2026-01-27.

Official resources

CVE-2024-10106 was published in the supplied advisory record on 2026-01-13, and the CISA CSAF entry was republished on 2026-01-27 to incorporate Schneider Electric’s SEVD-2026-013-03 notice.