Lucene search
SchneiderCVELIST:CVE-2023-5391HistoryOct 04, 2023 - 6:13 p.m.
CVE-2023-5391
2023-10-0418:13:00
CWE-502
schneider
www.cve.org
5
deserialization vulnerability
arbitrary code execution
crafted packet
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
59.0%
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted system by sending a specifically crafted packet to the
application.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions – prior to application of Hotfix-145271"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) with Advanced Reports",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions – prior to application of Hotfix-145271"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation with Advanced Reports",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions – prior to application of Hotfix-145271"
}
]
}
]Related
zdi
zdi
nvd
nvd
CVE-2023-5391
2023-10-04 19:15:10
cve
cve
CVE-2023-5391
2023-10-04 19:15:10
prion
prion
Deserialization of untrusted data
2023-10-04 19:15:00
ics
ics
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
59.0%
Related for CVELIST:CVE-2023-5391