Remote Code Execution Vulnerability in Application Due to Untrusted Data Deserialization
CVE-2024-2229

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Power Design - Ecodial
Vendor: CVE Published:; 18 March 2024

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2024-2229?

A vulnerability classified under CWE-502 exists within Schneider Electric's software product line, exposing users to the risk of remote code execution when a malicious project file is loaded by an authenticated user. This flaw allows attackers to craft special project files that, when opened, can execute arbitrary code within the software environment, potentially leading to unauthorized access and significant operational disruption. Proper mitigation measures and user awareness are critical to safeguard against this type of vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EcoStruxure Power Design - Ecodial All Versions NL

EcoStruxure Power Design - Ecodial All Versions INT

EcoStruxure Power Design - Ecodial All Versions FR

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 18, 2024
Vulnerability Reserved
Mar 6, 2024

JSON

Schneider Electric

What is CVE-2024-2229?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.