Vulnerabilities > CVE-2022-32521 - Deserialization of Untrusted Data vulnerability in Schneider-Electric Data Center Expert

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

CWE-502

critical

NVD

Published: 2023-01-30

Updated: 2023-02-07

Summary

A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Data Center Expert *	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04