CVE-2019-6834

Published: Apr 13, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)

Affected (1)

Products: Schneider Electric: Software Update

Schneider Electric

1 product

Software Update

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Software Update	From 2.1.1 to 2.3.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2019-225-06/

Source: cybersecurity@se.com

Vendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2019-225-06/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.