CRITICAL🇬🇧 English

CVE-2023-5391

CVSS 9.8v3.1pub. 2023-10-04upd. 2024-11-21

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Ecostruxure Power Monitoring Expert

    APP
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Ecostruxure Power Operation With Advanced Reports

    APP
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Ecostruxure Power Scada Operation With Advanced Reports

    APP
    Schneider-Electric
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2025-11739HIGH8.5ten sam produkt

CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with...

CVE-2023-5986HIGH8.2ten sam produkt

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerabili...

CVE-2022-22727HIGH8.8ten sam produkt

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view ...

CVE-2021-22827HIGH8.8ten sam produkt

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the us...

CVE-2021-22826HIGH8.8ten sam produkt

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the us...