Deserialization Vulnerability in Data Center Expert by Schneider Electric
CVE-2022-32521

7.1 HIGH

Key Information:

Vendor
CVE Published: 30 January 2023

Summary

Schneider Electric's Data Center Expert contains a vulnerability involving the deserialization of untrusted data. An attacker could exploit this flaw to execute arbitrary code on the server when unsafe data is posted to the web application. The risk is particularly pronounced in versions prior to V7.9.0, which makes applying updates and maintaining security best practices important for mitigating exploitation.

Affected Version(s)

Data Center Expert All

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database