Lucene search

[email protected]NVD:CVE-2023-5391

HistoryOct 04, 2023 - 7:15 p.m.

CVE-2023-5391

2023-10-0419:15:10

CWE-502

[email protected]

web.nvd.nist.gov

cwe-502

untrusted data

arbitrary code execution

crafted packet

application vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

JSON

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted system by sending a specifically crafted packet to the
application.

Affected configurations

NVD

Node

schneider-electricecostruxure_power_monitoring_expert

schneider-electricecostruxure_power_operation_with_advanced_reports

schneider-electricecostruxure_power_scada_operation_with_advanced_reports

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-02.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

JSON

Related for NVD:CVE-2023-5391

cvelist1 cve1 ics1 zdi1 prion1