Deserialization Vulnerability in Data Center Expert by Schneider Electric
CVE-2022-32521

7.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Data Center Expert
Vendor: CVE Published:; 30 January 2023

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2022-32521?

A vulnerability exists within Schneider Electric's Data Center Expert that involves the deserialization of untrusted data. This flaw could be exploited by an attacker to execute arbitrary code on the server when unsafe data is posted to the web application. This risk is particularly pronounced in versions prior to V7.9.0, emphasizing the importance of updates and maintaining security best practices to mitigate exploitation risks.

Affected Version(s)

Data Center Expert All

References

https://download.schneider-electric.com/files?p_enDocType...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Jun 7, 2022