Описание
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
7.8 High
CVSS3
Дефекты
Связанные уязвимости
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
Уязвимость драйвера Foxboro.sys микропрограммного обеспечения распределённой системы управления EcoStruxureTM Foxboro DCS Control Core Services, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.8 High
CVSS3