Deserialization Vulnerability in Schneider Electric Products
CVE-2024-12703

8.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Remoteconnect And Scadapack X70 Utilities
Vendor: CVE Published:; 17 January 2025

Summary

A deserialization vulnerability exists in Schneider Electric products that could allow an authenticated non-admin user to inadvertently execute malicious code. This occurs when the user opens a compromised project file, potentially resulting in exposure to confidential data and integrity risks. Attackers can exploit this vulnerability to manipulate the execution flow, leading to unauthorized access and control over the affected workstation systems.

Affected Version(s)

RemoteConnect and SCADAPack x70 Utilities All versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 17, 2025
Vulnerability Reserved
Dec 17, 2024