Deserialization Vulnerability in Schneider Electric's Software
CVE-2023-5391
9.8 CRITICAL
Key Information:
- Vendor: Schneider Electric
- Status: Vendor
- CVE Published: 4 October 2023
Summary
A deserialization vulnerability exists within Schneider Electric's software, allowing attackers to send specially crafted packets to the application. If exploited, this could enable the execution of arbitrary code on the targeted system, posing significant risks to its functionality and security. Organizations using affected software should implement mitigative measures promptly.
Affected Version(s)
- EcoStruxure Power Monitoring Expert: all versions prior to application of Hotfix-145271
- EcoStruxure Power Operation (EPO) with Advanced Reports: all versions prior to application of Hotfix-145271
- EcoStruxure Power SCADA Operation with Advanced Reports: all versions prior to application of Hotfix-145271
CVSS V3.1
- Score: 9.8
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved