CVE-2022-32521

Published: Jan 30, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Affected (1)

Products: Schneider Electric: Data Center Expert

Schneider Electric

1 product

Data Center Expert

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Data Center Expert	Before 7.9.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04

Source: cybersecurity@se.com

PatchRelease NotesVendor Advisory

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease NotesVendor Advisory

Timeline

No history available yet.