Vulnerabilities > CVE-2023-7032 - Deserialization of Untrusted Data vulnerability in Schneider-Electric Easergy Studio

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

schneider-electric

CWE-502

NVD

Published: 2024-01-09

Updated: 2024-01-16

Summary

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Easergy Studio *	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-009-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-009-02.pdf