Deserialization Vulnerability in Schneider Electric's Software
CVE-2023-5391
Key Information:
- Vendor
Schneider Electric
- Status
- Vendor
- CVE Published:
- 4 October 2023
What is CVE-2023-5391?
A deserialization vulnerability exists within Schneider Electric's software, allowing attackers to send specially crafted packets to the application. If exploited, this could enable the execution of arbitrary code on the targeted system, posing significant risks to its functionality and security. Organizations using affected software should implement mitigative measures promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
EcoStruxure Power Monitoring Expert All versions β prior to application of Hotfix-145271
EcoStruxure Power Operation (EPO) with Advanced Reports All versions β prior to application of Hotfix-145271
EcoStruxure Power SCADA Operation with Advanced Reports All versions β prior to application of Hotfix-145271
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved