PatchSiren cyber security CVE debrief
CVE-2024-5680 Schneider Electric CVE debrief
CVE-2024-5680 is a high-severity local denial-of-service vulnerability in Schneider Electric's EcoStruxure™ Foxboro DCS Core Control Services, published on 2024-07-09. The flaw stems from CWE-129 (Improper Validation of Array Index) in the Foxboro.sys driver, where a malicious actor with local user access can trigger a DoS condition by crafting a script or program using an IOCTL call. The vulnerability affects versions 9.5 through 9.8 of the Core Control Services. Schneider Electric has released patch HF97872598 to address this issue. The CVSS v3.1 score of 7.1 reflects high impacts to integrity and availability, though the attack requires local access and low privileges. CISA has issued advisory ICSA-24-345-02 documenting this vulnerability.
- Vendor: Schneider Electric
- Product: EcoStruxure™ Foxboro DCS Core Control Services
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2024-07-09
- Advisory published: 2024-07-09
- Advisory updated: 2024-07-09
Who should care
Organizations operating Schneider Electric EcoStruxure Foxboro DCS Core Control Services in industrial environments, particularly those in critical infrastructure sectors. System administrators responsible for OT/ICS security, plant engineers, and cybersecurity teams managing distributed control systems should prioritize this patch due to the high availability impact and relatively low barrier to exploitation for authenticated local users.
Technical summary
The vulnerability exists in the Foxboro.sys driver component of EcoStruxure™ Foxboro DCS Core Control Services. An improper validation of array index (CWE-129) allows a locally authenticated attacker to cause denial-of-service by sending crafted IOCTL calls. The attack requires local user access but no user interaction. The CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H indicates local attack vector, low attack complexity, low privileges required, no user interaction, with high impact to integrity and availability but no confidentiality impact. Affected versions span from 9.5 to 9.8. The vendor fix requires system restart after patch application.
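To illustrate the bug class named above (CWE-129 in an IOCTL-style handler), here is a constructed user-space example added for this debrief. It is not Foxboro.sys code and does not reflect the actual driver: the request layout, table size and status codes are assumptions. It shows the unchecked-index pattern beside the hardened form, including the negative-index case that a signed comparison would miss.

```c
/* Constructed illustration of CWE-129 in an IOCTL-style dispatcher.
 * Not Foxboro.sys code: request layout, table size and status codes
 * below are assumptions made for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TABLE_LEN 8u
#define STATUS_OK 0
#define STATUS_BAD_REQUEST -1
#define STATUS_BAD_INDEX -2

/* Hypothetical request body a driver would copy in from user space. */
struct set_entry_req {
    int32_t index;    /* caller-controlled */
    uint32_t value;
};

static uint32_t table[TABLE_LEN];

/* Vulnerable pattern: the caller-supplied index is used directly as an
 * array subscript. A negative or over-large index touches memory outside
 * 'table'; in a kernel driver that typically crashes the system (DoS). */
int handle_set_entry_vulnerable(const void *buf, size_t len) {
    struct set_entry_req req;
    if (len < sizeof req) return STATUS_BAD_REQUEST;
    memcpy(&req, buf, sizeof req);
    table[req.index] = req.value;     /* CWE-129: no bounds check */
    return STATUS_OK;
}

/* Hardened pattern: validate the index before use. The unsigned cast makes
 * a negative index fail the same comparison as an over-large one. */
int handle_set_entry_hardened(const void *buf, size_t len) {
    struct set_entry_req req;
    if (len < sizeof req) return STATUS_BAD_REQUEST;
    memcpy(&req, buf, sizeof req);
    if ((uint32_t)req.index >= TABLE_LEN) return STATUS_BAD_INDEX;
    table[req.index] = req.value;
    return STATUS_OK;
}

/* Read-back helper so callers can verify what the handler stored. */
uint32_t table_entry(size_t i) { return i < TABLE_LEN ? table[i] : 0; }
```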
Defensive priority
HIGH
Recommended defensive actions
- Apply patch HF97872598 for EcoStruxure Foxboro DCS Core Control Services versions 9.5 through 9.8 by contacting Schneider Electric Process Automation Global Customer Support Center
- Ensure EcoStruxure Foxboro DCS workstations are installed in physically secure locations to prevent unauthorized local access
- Implement strong password protections to prevent remote access by unauthorized personnel
- Subscribe to Schneider Electric's security notification service for future vulnerability alerts
- Review CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
Vulnerability disclosed via CISA CSAF advisory ICSA-24-345-02 on 2024-07-09. Schneider Electric published security notice SEVD-2024-191-02. Patch HF97872598 available for affected versions 9.5-9.8.
Official resources
- CVE-2024-5680 CVE record (CVE.org)
- CVE-2024-5680 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-07-09