Ecostruxure Foxboro Dcs Control Core Services Security Vulnerabilities
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,elevation of privilege, and potentially kernel execution when a malicious actor with local useraccess crafts a script/program using an IOCTL call in the Foxboro.sys driver.
7.8CVSS
7.4AI Score
0.0004EPSS
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause localdenial-of-service, and potentially kernel execution when a malicious actor with local user accesscrafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver.
7.8CVSS
7.3AI Score
0.0004EPSS
CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, orkernel memory leak when a malicious actor with local user access crafts a script/program usingan IOCTL call in the Foxboro.sys driver.
7.1CVSS
6.8AI Score
0.0004EPSS
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTLcall in the Foxboro.sys driver.
7.1CVSS
6.7AI Score
0.0004EPSS
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service,privilege escalation, and potentially kernel execution when a malicious actor with local useraccess crafts a script/program using an IOCTL call in the Foxboro.sys driver.
7.8CVSS
6.8AI Score
0.0004EPSS