Lucene search

SchneiderCVELIST:CVE-2023-2570

HistoryJun 14, 2023 - 7:52 a.m.

CVE-2023-2570

2023-06-1407:52:24

CWE-129

schneider

www.cve.org

cwe-129

local denial-of-service

kernel execution

unpredictable index

ioctl call

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local
denial-of-service, and potentially kernel execution when a malicious actor with local user access
crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Foxboro DCS Control Core Services",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to patch HF9857795"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-04.pdf

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2023-2570