PatchSiren cyber security CVE debrief
CVE-2024-5679 Schneider Electric CVE debrief
CVE-2024-5679 is a high-severity (CVSS 7.1) out-of-bounds write vulnerability (CWE-787) in the Foxboro.sys driver of Schneider Electric's EcoStruxure™ Foxboro DCS Core Control Services. Published on July 9, 2024, this vulnerability affects versions 9.5 through 9.8 of the distributed control system software used in industrial process automation environments. The flaw requires local user access to exploit, where a malicious actor can craft a script or program using an IOCTL call to trigger the vulnerability, potentially causing local denial-of-service conditions or kernel memory leaks. The attack vector is local with low attack complexity and low privileges required, though the impact to integrity and availability is high. Schneider Electric has released patch HF97872598 to address this vulnerability for affected versions. Given the industrial control system context, organizations should prioritize patching while implementing compensating controls including physical security of workstations and strict access controls to prevent unauthorized local access.
- Vendor
- Schneider Electric
- Product
- EcoStruxureTM Foxboro DCS Core Control Services
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-07-09
- Original CVE updated
- 2024-07-09
- Advisory published
- 2024-07-09
- Advisory updated
- 2024-07-09
Who should care
Organizations operating Schneider Electric EcoStruxure Foxboro DCS Core Control Services in industrial process control environments, particularly in critical infrastructure sectors such as energy, water, chemical manufacturing, and oil & gas. System administrators, OT security teams, and plant engineers responsible for maintaining DCS workstation security should prioritize this patch. Organizations with regulatory compliance requirements for industrial control system security (NERC CIP, IEC 62443) should assess this vulnerability against their risk management frameworks.
Technical summary
The vulnerability exists in the Foxboro.sys kernel driver component of EcoStruxure™ Foxboro DCS Core Control Services. An out-of-bounds write (CWE-787) can be triggered through crafted IOCTL calls, enabling a locally authenticated user to corrupt kernel memory. This can result in denial-of-service conditions or kernel memory leaks. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) indicates local attack vector with low complexity, requiring low privileges but yielding high impact to system integrity and availability. No confidentiality impact is rated. The vulnerability does not appear in CISA's Known Exploited Vulnerabilities catalog as of the advisory date.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor patch HF97872598 for EcoStruxure Foxboro DCS Core Control Services versions 9.5-9.8 by contacting Schneider Electric Process Automation Global Customer Support Center
- Ensure EcoStruxure Foxboro DCS workstations are installed in physically secure locations to prevent unauthorized local access
- Implement strong password protections and access controls to prevent remote compromise that could lead to local access
- Subscribe to Schneider Electric's security notification service for future vulnerability alerts
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
CVE description and CVSS vector confirm local attack vector (AV:L) with low complexity (AC:L) and low privileges (PR:L), but high impact to integrity (I:H) and availability (A:H). Affected product versions 9.5-9.8 confirmed through CSAF product tree. Patch HF97872598 availability confirmed through vendor remediation guidance.
Official resources
-
CVE-2024-5679 CVE record
CVE.org
-
CVE-2024-5679 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-07-09