Ecostruxure Foxboro Dcs Control Core Services
Monthly
privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
call in the Foxboro.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
call in the Foxboro.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.