Name of the Vulnerable Software and Affected Versions:

EcoStruxureTM Foxboro DCS Control Core Services (affected versions not specified)

Description:

The issue is related to insufficient input validation in the Foxboro.sys driver, which could allow an attacker to cause a denial-of-service, potentially escalate privileges, and achieve kernel execution by crafting a malicious script or program using an IOCTL call. This could be exploited by a malicious actor with local user access.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.