Vulnerabilities > CVE-2023-5391 - Deserialization of Untrusted Data vulnerability in Schneider-Electric products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

CWE-502

critical

NVD

Published: 2023-10-04

Updated: 2024-02-01

Summary

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Ecostruxure Power Scada Operation With Advanced Reports * Schneider Electric Ecostruxure Power Operation With Advanced Reports * Schneider Electric Ecostruxure Power Monitoring Expert *	3

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-02.pdf