CVE-2023-5391

Published: Oct 4, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

Affected (3)

Products: Schneider Electric: Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports

Schneider Electric

3 products

Ecostruxure Power Monitoring Expert

Ecostruxure Power Operation With Advanced Reports

Ecostruxure Power Scada Operation With Advanced Reports

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Power Monitoring Expert	All versions
Schneider Electric Ecostruxure Power Operation With Advanced Reports	All versions
Schneider Electric Ecostruxure Power Scada Operation With Advanced Reports	All versions

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-02.pdf

Source: cybersecurity@se.com

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-02.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.