PatchSiren cyber security CVE debrief
CVE-2024-5681 Schneider Electric CVE debrief
CVE-2024-5681 is a high-severity vulnerability in Schneider Electric's EcoStruxure™ Foxboro DCS Core Control Services, published on July 9, 2024. The flaw stems from improper input validation (CWE-20) in the Foxboro.sys driver, enabling a local attacker to craft malicious IOCTL calls that can trigger denial-of-service, privilege escalation, or potentially kernel-level code execution. The attack requires local user access but carries significant impact given the industrial control system context. Affected versions span from 9.5 through 9.8. Schneider Electric has released patch HF97872598 to address this vulnerability.
- Vendor
- Schneider Electric
- Product
- EcoStruxureTM Foxboro DCS Core Control Services
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-07-09
- Original CVE updated
- 2024-07-09
- Advisory published
- 2024-07-09
- Advisory updated
- 2024-07-09
Who should care
Organizations operating Schneider Electric EcoStruxure™ Foxboro DCS Core Control Services versions 9.5–9.8 in industrial process control environments, particularly in critical infrastructure sectors such as energy, water, chemical manufacturing, and oil & gas where Foxboro DCS platforms are deployed.
Technical summary
The vulnerability resides in the Foxboro.sys kernel driver component of EcoStruxure™ Foxboro DCS Core Control Services. Insufficient validation of input parameters to IOCTL handlers allows a locally authenticated user to send crafted requests that can corrupt kernel memory structures. This can result in system crashes (DoS), elevation from user to SYSTEM or kernel privileges, or arbitrary code execution in kernel context. The attack surface is limited to local access, but the impact is severe due to kernel-level compromise potential in critical infrastructure environments.
Defensive priority
HIGH
Recommended defensive actions
- Apply Schneider Electric patch HF97872598 for affected versions 9.5–9.8 of EcoStruxure™ Foxboro DCS Core Control Services
- Contact Schneider Electric Process Automation Global Customer Support or local Service Representative for patch download and installation assistance
- Restrict physical access to EcoStruxure™ Foxboro DCS workstations to authorized personnel only
- Implement strong password policies to prevent unauthorized remote access to affected systems
- Subscribe to Schneider Electric's security notification service for future vulnerability alerts
- Monitor for anomalous local process activity or unexpected IOCTL calls to the Foxboro.sys driver
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
- resourceLinkAnnotations:ref-4,ref-5,ref-6,ref-7,ref-9
Evidence notes
CVE published 2024-07-09; CISA ICS advisory ICSA-24-345-02 issued same date; Schneider Electric security notice SEVD-2024-191-02 confirms patch availability. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H yields score 7.8.
Official resources
-
CVE-2024-5681 CVE record
CVE.org
-
CVE-2024-5681 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-07-09