VDB
SEVD-2023-164-04
SEVD-2023-164-04
PUBLISHED
CVSS 7.800000190734863 HIGH
Schneider Electric is aware of multiple vulnerabilities in its EcoStruxureTM Foxboro DCS product formerly known as Foxboro Evo Process Automation System and I/A Series. The DCS component impacted is the Control Core Services package. The EcoStruxureTM Foxboro DCS product is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates staff capabilities to ensure flawless, continuous plant operation. Failure to apply the remediations provided below may risk denial of service, privilege escalation, and kernel code execution, which could result in loss of system functionality or unauthorized access to system functions
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric EcoStruxureTM Foxboro DCS Control Core Services versions prior to Patch HF98577958 | ||
| Schneider Electric EcoStruxureTM Foxboro DCS Control Core Services version Patch HF98577958 |
Timeline
- Jun 13, 2023 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-164-04.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.se.com/en/work/support/cybersecurity/security/u0002notifications.jsp fix