Lucene search
HistoryOct 04, 2023 - 7:15 p.m.
CVE-2023-5391
cwe-502
untrusted data
arbitrary code execution
crafted packet
application vulnerability
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.002
Percentile
59.0%
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted system by sending a specifically crafted packet to the
application.
Affected configurations
Node
schneider-electricecostruxure_power_monitoring_expert
ORschneider-electricecostruxure_power_operation_with_advanced_reports
ORschneider-electricecostruxure_power_scada_operation_with_advanced_reports
| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | ecostruxure_power_monitoring_expert | * | cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:*:*:*:*:*:*:*:* |
| schneider-electric | ecostruxure_power_operation_with_advanced_reports | * | cpe:2.3:a:schneider-electric:ecostruxure_power_operation_with_advanced_reports:*:*:*:*:*:*:*:* |
| schneider-electric | ecostruxure_power_scada_operation_with_advanced_reports | * | cpe:2.3:a:schneider-electric:ecostruxure_power_scada_operation_with_advanced_reports:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-5391
2023-10-04 18:13:00
zdi
zdi
cve
cve
CVE-2023-5391
2023-10-04 19:15:10
prion
prion
Deserialization of untrusted data
2023-10-04 19:15:00
ics
ics
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.002
Percentile
59.0%
Related for NVD:CVE-2023-5391