PatchSiren cyber security CVE debrief

CVE-2024-6352 Schneider Electric CVE debrief

CVE-2024-6352 is a CWE-120 buffer overflow in Schneider Electric Zigbee products: a malicious device joining the Zigbee network can trigger the overflow and cause a denial of service. The advisory was published on 2026-01-13 and republished on 2026-01-27; CISA's CSAF notice ties the issue to multiple Schneider Electric Zigbee products, including Wiser iTRV2. The reported CVSS v3.1 base score is 4.3 (Medium), reflecting adjacent-network (radio range) exposure, no privileges or user interaction, and availability-only impact.

Vendor: Schneider Electric
Product: Wiser iTRV2
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-01-27
Advisory published: 2026-01-13
Advisory updated: 2026-01-27

Who should care

Organizations using Schneider Electric Zigbee products, especially Wiser iTRV2 deployments and any environment that allows device pairing or network onboarding, should review this advisory. OT/IoT administrators responsible for Zigbee hubs, commissioning workflows, and device enrollment controls should prioritize it.

Technical summary

The source describes a CWE-120 buffer overflow that is triggered when a malicious device joins the network, so the precondition is that the attacker is within Zigbee radio range and the network accepts the join. The supplied CVSS vector is AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L: adjacent-network attack vector, low complexity, no privileges or user interaction, unchanged scope, and low availability impact only, which yields the 4.3 base score. The advisory's mitigation guidance focuses on tightening Zigbee pairing and key management (permit-join discipline, install codes, unique link keys) rather than on a reboot-based workaround.

Defensive priority

Medium priority: act promptly if Zigbee onboarding is exposed, but this is not a KEV-listed issue in the supplied corpus.

Recommended defensive actions

  • Do not allow unknown devices to join the Zigbee network.
  • Review how the Zigbee hub manages device pairing and commissioning.
  • Only open the network when adding new devices, and close it immediately afterward.
  • Use install codes where possible and replace default or well-known keys (such as the Zigbee default Trust Center link key) with unique secure keys.
  • Follow the product-specific guidance in Schneider Electric SEVD-2026-013-03 and CISA ICSA-26-027-03.
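The bullets above describe one commissioning procedure: keep the network closed, open it only for a bounded window while adding a known device, require an install code rather than the default key, and close it again as soon as the device has joined. The following is an added example of that policy as coordinator-side logic, not Schneider Electric, CISA or PatchSiren code. The EUI64 addresses, the install-code-derived keys and the 180-second ceiling are constructed for the demonstration; the default Trust Center link key value is the real well-known one.

```python
"""Permit-join and install-code allowlist policy for a Zigbee coordinator.

Added example, not vendor or PatchSiren code. Models the debrief's advice:
network closed by default, bounded permit-join window, install codes
required, window closed immediately after the intended device joins.
EUI64 values and keys below are constructed samples.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Zigbee permit-join duration is a uint8; 0xFF means "open indefinitely", which
# is the state this policy forbids. 180 s is a local ceiling, not a spec value.
PERMIT_JOIN_MAX_S = 180
PERMIT_JOIN_FOREVER = 0xFF

# Well-known default Trust Center link key ("ZigBeeAlliance09"). A join that
# relies on it is treated as not protected by an install code.
DEFAULT_TC_LINK_KEY = bytes.fromhex("5A6967426565416C6C69616E63653039")


@dataclass
class JoinEvent:
    t: float          # seconds since start of the commissioning session
    eui64: str        # joining device's IEEE address (constructed sample)
    link_key: bytes   # link key the device used for the transport-key exchange


@dataclass
class JoinPolicy:
    # EUI64 -> link key derived from the installer-registered install code
    # (constructed; real install codes are 128-bit values plus a 16-bit CRC).
    registered: dict[str, bytes]
    window_closes_at: float = -1.0
    audit: list[tuple[float, str, str, str]] = field(default_factory=list)

    def open_window(self, now: float, seconds: int) -> None:
        """Open permit-join for a bounded time; refuse 'forever' or over-long windows."""
        if seconds == PERMIT_JOIN_FOREVER or not 0 < seconds <= PERMIT_JOIN_MAX_S:
            raise ValueError(f"refusing permit-join duration {seconds}s (max {PERMIT_JOIN_MAX_S})")
        self.window_closes_at = now + seconds

    def close_window(self, now: float) -> None:
        self.window_closes_at = now

    def evaluate(self, ev: JoinEvent) -> str:
        """Decide accept/reject for a join attempt and record it for the SOC."""
        if ev.t >= self.window_closes_at:
            verdict, reason = "reject", "permit-join window closed"
        elif ev.eui64 not in self.registered:
            verdict, reason = "reject", "device not pre-registered by installer"
        elif ev.link_key == DEFAULT_TC_LINK_KEY:
            verdict, reason = "reject", "join used default TC link key, not an install code"
        elif ev.link_key != self.registered[ev.eui64]:
            verdict, reason = "reject", "link key does not match registered install code"
        else:
            verdict, reason = "accept", "install-code join inside window"
            self.close_window(ev.t)  # close right after the intended device joins
        self.audit.append((ev.t, ev.eui64, verdict, reason))
        return verdict


def run_commissioning_demo() -> list[tuple[float, str, str, str]]:
    """Drive the policy with constructed join attempts; returns the audit trail."""
    valve_key = bytes.fromhex("00112233445566778899AABBCCDDEEFF")  # constructed
    valve = "00:0D:6F:00:0A:0B:0C:0D"                                # constructed
    rogue = "DE:AD:BE:EF:00:00:00:01"                                # constructed
    policy = JoinPolicy(registered={valve: valve_key})

    # Network closed: any join attempt is rejected before the installer acts.
    policy.evaluate(JoinEvent(0.0, rogue, DEFAULT_TC_LINK_KEY))

    policy.open_window(now=10.0, seconds=120)
    policy.evaluate(JoinEvent(15.0, rogue, DEFAULT_TC_LINK_KEY))  # unknown EUI64
    policy.evaluate(JoinEvent(20.0, valve, DEFAULT_TC_LINK_KEY))  # known device, default key
    policy.evaluate(JoinEvent(25.0, valve, valve_key))            # accepted; window closes
    policy.evaluate(JoinEvent(30.0, rogue, valve_key))            # window already closed

    # A request to leave the network open indefinitely is refused and logged.
    try:
        policy.open_window(now=40.0, seconds=PERMIT_JOIN_FOREVER)
    except ValueError as exc:
        policy.audit.append((40.0, "-", "refused", str(exc)))
    return policy.audit


if __name__ == "__main__":
    for t, eui, verdict, reason in run_commissioning_demo():
        print(f"t={t:5.1f}s {eui:24s} {verdict:8s} {reason}")
```

The audit trail is the detection hook: a run of rejected joins from an unregistered EUI64, or any join attempt while the window is closed, is exactly the "unknown device joining the network" precondition this advisory describes and is worth alerting on.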

Evidence notes

All claims are based on the supplied CISA CSAF source item and its listed official references. The advisory text explicitly states a CWE-120 buffer overflow leading to denial of service when a malicious device joins the network. The CVSS vector and score are provided in the source metadata. No KEV entry or ransomware association is present in the supplied corpus. Timing references use the advisory publication and modification dates provided with the CVE record, not the CVE identifier year.

Official resources

CISA’s CSAF advisory (ICSA-26-027-03) shows an original release on 2026-01-13 and a republication on 2026-01-27 tied to Schneider Electric’s SEVD-2026-013-03 notice. The CVE identifier is CVE-2024-6352, but the advisory publication timeline