CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service,
privilege escalation, and potentially kernel execution when a malicious actor with local user
access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
History

Wed, 27 Aug 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Schneider Electric
Schneider Electric ecostruxure Foxboro Dcs Core Control Services
CPEs cpe:2.3:a:schneider_electric:ecostruxure_foxboro_dcs_core_control_services:9.8:*:*:*:*:*:*:*
Vendors & Products Schneider Electric
Schneider Electric ecostruxure Foxboro Dcs Core Control Services
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2025-08-27T21:33:27.004Z

Reserved: 2024-06-06T12:06:44.310Z

Link: CVE-2024-5681

cve-icon Vulnrichment

Updated: 2024-08-01T21:18:06.902Z

cve-icon NVD

Status : Modified

Published: 2024-07-11T09:15:04.360

Modified: 2024-11-21T09:48:08.953

Link: CVE-2024-5681

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.