PatchSiren cyber security CVE debrief
CVE-2024-6351 Schneider Electric CVE debrief
CVE-2024-6351 is a medium-severity vulnerability in Schneider Electric Zigbee products, disclosed on 2026-01-13 in a Schneider Electric notice that CISA later republished as an ICS advisory. The disclosed weakness is a CWE-120 buffer overflow that can cause a denial of service when a malicious device joins the Zigbee network. The published CVSS 3.1 vector (4.3, AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) means the attacker only needs to be on the adjacent network, in practice within Zigbee radio range, with no privileges or user interaction, and the rated impact is limited to availability.
- Vendor: Schneider Electric
- Product: Wiser iTRV2
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-13
- Original CVE updated: 2026-01-27
- Advisory published: 2026-01-13
- Advisory updated: 2026-01-27
Who should care
Schneider Electric customers and operators using Wiser iTRV2, and teams managing Zigbee device pairing or network-join settings across the broader Schneider Electric Zigbee product set listed in the advisory.
Technical summary
The advisory describes a buffer overflow (CWE-120) in the Zigbee join handling of the affected products, triggered when a malicious device joins the network. The published vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) places the attacker on the adjacent network, which for Zigbee means within radio range of the hub or device, and requires no privileges and no user interaction. The rated impact is availability only (A:L): CWE-120 is a memory-corruption class, but the vendor claims no confidentiality or integrity loss and this debrief follows that rating. Because the join is the trigger, exposure is governed by how freely the network admits new devices: a hub left in permit-join mode, or one that still accepts the well-known default link key, lets a nearby attacker reach the vulnerable code path without any prior access, which is why the advisory's remediation centres on join control rather than on a patch.
Defensive priority
Medium. Address during the normal maintenance cycle, but sooner where Zigbee pairing is routinely left enabled or where device admission cannot be tightly controlled.
Recommended defensive actions
- Restrict device access so unknown devices cannot join the Zigbee network.
- Review hub settings to confirm how device pairing and admission are controlled.
- Only open the network when adding new devices, and close it immediately afterward.
- Use install codes where the hub and device support them, so each device joins with its own link key instead of the well-known default Trust Center link key.
- Replace any default network or link keys with unique, randomly generated keys.
- Inventory whether Wiser iTRV2 or other Schneider Electric Zigbee products from the advisory are in use, and apply vendor guidance to each affected product.
- Monitor the Schneider Electric notice and the CISA advisory for any updates or revised remediation guidance.
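The actions above amount to a device-admission policy at the coordinator. The following is an added example written for this debrief, not Schneider Electric code and not a model of the Wiser iTRV2 or any real hub firmware: a small join gate that keeps the network closed by default, opens it only for a bounded window, admits only devices whose install code was pre-registered, and refuses the well-known Trust Center link key. Two pieces are assumptions: the install-code checksum is treated as CRC-16/X-25 appended little-endian, and the link-key derivation uses SHA-256 as a stand-in for the AES-MMO hash real stacks use, because the Python standard library has no AES.

```python
"""Coordinator-side device-admission policy for a Zigbee network.

Added example for the CVE-2024-6351 debrief; not Schneider Electric code and not
a model of any real hub. Assumptions: install-code CRC is CRC-16/X-25 appended
little-endian; link-key derivation is a SHA-256 stand-in for AES-MMO.
"""
import hashlib
import time

# Default Zigbee Trust Center link key, ASCII "ZigBeeAlliance09". A device that
# joins with it relies on a key every attacker already has.
WELL_KNOWN_TC_LINK_KEY = b"ZigBeeAlliance09"

# Upper bound on a permit-join window in seconds (assumed value, chosen so that a
# forgotten "open network" still closes itself).
MAX_PERMIT_JOIN_S = 180


def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25: poly 0x1021 (0x8408 reflected), init 0xFFFF, xorout 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def parse_install_code(hex_code: str) -> bytes:
    """Validate a 16-byte install code plus its 2-byte CRC; return the 16 code bytes."""
    raw = bytes.fromhex(hex_code.replace(" ", "").replace("-", ""))
    if len(raw) != 18:
        raise ValueError("install code must be 16 bytes plus a 2-byte CRC")
    code, crc = raw[:16], int.from_bytes(raw[16:], "little")  # assumed LE order
    if crc16_x25(code) != crc:
        raise ValueError("install code CRC mismatch (typo or tampered code)")
    return code


def derive_link_key(install_code: bytes) -> bytes:
    """Stand-in for the AES-MMO derivation (assumption: SHA-256 truncated to 16 bytes)."""
    return hashlib.sha256(install_code).digest()[:16]


def make_install_code(code16: bytes) -> str:
    """Append the CRC to 16 code bytes in the format parse_install_code expects."""
    return (code16 + crc16_x25(code16).to_bytes(2, "little")).hex().upper()


class JoinGate:
    """Decides whether a joining device is admitted. Closed unless explicitly opened."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._open_until = 0.0
        self._device_keys = {}  # EUI64 -> per-device link key from its install code
        self.audit_log = []     # (eui64, decision) for every join attempt

    def register_install_code(self, eui64: str, install_code_hex: str) -> None:
        """Out-of-band step: the installer enters the device's install code at the hub."""
        self._device_keys[eui64.lower()] = derive_link_key(parse_install_code(install_code_hex))

    def open_network(self, seconds: int) -> None:
        """Open permit-join for a bounded window; it closes itself when the window ends."""
        self._open_until = self._clock() + min(seconds, MAX_PERMIT_JOIN_S)

    def close_network(self) -> None:
        self._open_until = 0.0

    def is_open(self) -> bool:
        return self._clock() < self._open_until

    def admit(self, eui64: str, presented_link_key: bytes) -> str:
        """Return the admission decision for a join request and record it."""
        eui64 = eui64.lower()
        if not self.is_open():
            decision = "rejected: network closed to joins"
        elif presented_link_key == WELL_KNOWN_TC_LINK_KEY:
            decision = "rejected: well-known link key"
        elif eui64 not in self._device_keys:
            decision = "rejected: no install code registered for device"
        elif presented_link_key != self._device_keys[eui64]:
            decision = "rejected: link key does not match install code"
        else:
            decision = "admitted"
        self.audit_log.append((eui64, decision))
        return decision


if __name__ == "__main__":
    # Constructed demo: one registered thermostat and one stranger, driven by a fake clock.
    now = [0.0]
    gate = JoinGate(clock=lambda: now[0])
    trv_code = bytes(range(0x10, 0x20))          # constructed install code bytes
    gate.register_install_code("00124B001CA1B2C3", make_install_code(trv_code))
    print(gate.admit("00124B001CA1B2C3", derive_link_key(trv_code)))   # closed
    gate.open_network(60)
    print(gate.admit("DEADBEEFCAFEF00D", WELL_KNOWN_TC_LINK_KEY))       # well-known key
    print(gate.admit("00124B001CA1B2C3", derive_link_key(trv_code)))   # admitted
    now[0] += 61
    print(gate.admit("00124B001CA1B2C3", derive_link_key(trv_code)))   # window expired
```

The ordering of checks is deliberate: the window test comes first so that a closed network rejects every request before any key material is examined, and the well-known key is refused even for a registered device, since a device that uses it has not been provisioned with an install code at all. The audit log gives the operator the "who tried to join, and why was it refused" record that the advisory's monitoring advice implies.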
Evidence notes
The source corpus identifies CISA advisory ICSA-26-027-03 and Schneider Electric’s SEVD-2026-013-03 notice as the primary sources. The advisory metadata lists CVE-2024-6351, describes a CWE-120 buffer overflow leading to denial of service when a malicious device joins the network, and provides the CVSS 3.1 vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (score 4.3). The advisory was initially published on 2026-01-13 and republished by CISA on 2026-01-27 from Schneider Electric’s original notice. The remediation text in the source specifically recommends restricting device access, reviewing hub settings, limiting when the network is open for pairing, and using install codes and unique keys.
Official resources
- CVE-2024-6351 CVE record (CVE.org)
- CVE-2024-6351 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Publicly disclosed in CISA ICS Advisory ICSA-26-027-03 on 2026-01-13, with CISA republication of Schneider Electric’s original SEVD-2026-013-03 notice on 2026-01-27. Timing in this debrief follows the CVE published date, not the later repub