PatchSiren cyber security CVE debrief

CVE-2024-6350 Schneider Electric CVE debrief

CVE-2024-6350 is a medium-severity buffer overflow issue in Schneider Electric Zigbee products, including Wiser iTRV2. According to the advisory, a malicious device joining the network could trigger a denial of service. The published mitigations focus on tightening Zigbee pairing and access controls rather than on exploit details.

Vendor: Schneider Electric
Product: Wiser iTRV2
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-01-27
Advisory published: 2026-01-13
Advisory updated: 2026-01-27

Who should care

Organizations using Schneider Electric Zigbee products, especially Wiser iTRV2 deployments; building automation and OT teams; and administrators responsible for Zigbee pairing, device onboarding, and network key management.

Technical summary

The advisory describes a CWE-120 buffer overflow that can lead to denial of service when a malicious device joins the network. The supplied CVSS vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: an adjacent-network attack (Zigbee radio range) of low complexity, requiring no privileges and no user interaction, with scope unchanged, high availability impact, and no confidentiality or integrity impact. The CSAF advisory lists Wiser iTRV2 among 34 Schneider Electric Zigbee products covered by the notice.

Defensive priority

Medium overall; prioritize sooner in environments where Zigbee join access is routinely opened, pairing controls are weak, or untrusted devices could reach the network.

Recommended defensive actions

  • Do not allow unknown devices to join the Zigbee network.
  • Review hub settings and how device pairing is managed.
  • Only open the network when adding new devices, and close it immediately afterward.
  • Use unique install codes where possible and avoid the well-known key; replace default keys with secure, unique keys.
  • Review the Schneider Electric and CISA advisories for product-specific guidance and any updated mitigation notes.

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-26-027-03 and the linked Schneider Electric SEVD-2026-013-03 notice. The source states that a CWE-120 buffer overflow can cause denial of service when a malicious device joins the network. The advisory’s product tree includes Wiser iTRV2 and many other Schneider Electric Zigbee products, and its remediation section recommends restricting device access, managing pairing windows, and using install codes/unique keys. The supplied CVSS vector is AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (6.5 medium).

Official resources

CISA published the advisory on 2026-01-13 and republished it on 2026-01-27 after incorporating Schneider Electric’s SEVD-2026-013-03 material. Use the supplied published date for timing context.