PatchSiren cyber security CVE debrief
CVE-2024-7322 Schneider Electric CVE debrief
CVE-2024-7322 is a medium-severity availability issue in Schneider Electric’s Wiser Zigbee product line. The CISA CSAF advisory (ICSA-26-027-03) describes a CWE-400 uncontrolled resource consumption condition that could lead to denial of service when a malicious device joins the network. The source item names Wiser iTRV2 and also lists additional Wiser/connected devices in scope. The published CVSS vector is AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H, indicating a network-reachable attack path with high complexity and high privileges required, and availability impact only.
- Vendor
- Schneider Electric
- Product
- Wiser iTRV2
- CVSS
- MEDIUM 5.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-13
- Original CVE updated
- 2026-01-27
- Advisory published
- 2026-01-13
- Advisory updated
- 2026-01-27
Who should care
Organizations that operate Schneider Electric Wiser Zigbee deployments should care most, especially OT/IoT administrators, building automation teams, and anyone managing pairing or onboarding of Zigbee devices. Environments using Wiser iTRV2 or other listed Schneider Electric Zigbee products should review network-join controls and device trust settings.
Technical summary
According to the CISA-republished Schneider Electric advisory, the issue is an uncontrolled resource consumption weakness that can be triggered when a malicious device joins the Zigbee network, resulting in denial of service. The advisory’s remediation guidance focuses on preventing unauthorized device joins, controlling when the network is open for pairing, reviewing hub pairing behavior, and using install codes and unique keys instead of well-known/default keys.
Defensive priority
Moderate. Prioritize if you operate any affected Schneider Electric Zigbee devices in production or customer-facing environments, because the impact is denial of service and the main mitigations are operational controls around pairing and key management.
Recommended defensive actions
- Apply Schneider Electric’s mitigations from SEVD-2026-013-03 / ICSA-26-027-03.
- Do not allow unknown devices to join the Zigbee network.
- Review hub settings and how the Zigbee hub manages device pairing.
- Only open the network when adding new devices, and close it immediately afterward.
- Use unique install codes whenever possible.
- Replace default or well-known keys with secure, unique keys.
- Follow CISA’s ICS recommended practices and defense-in-depth guidance for operational networks.
Evidence notes
The source corpus is a CISA CSAF advisory republishing Schneider Electric’s SEVD-2026-013-03 notice on 2026-01-27, with original advisory publication in the corpus dated 2026-01-13. The advisory explicitly describes CWE-400 uncontrolled resource consumption leading to denial of service when a malicious device joins the network. The published CVSS vector is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H, consistent with a medium-severity availability issue. No KEV entry is present in the supplied enrichment.
Official resources
-
CVE-2024-7322 CVE record
CVE.org
-
CVE-2024-7322 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory date used here is 2026-01-13T08:00:00.000Z, with a republished/modified date of 2026-01-27T20:13:34.637Z. No KEV listing is present in the supplied data.