Lucene search
PRIOn knowledge basePRION:CVE-2022-23450HistoryApr 12, 2022 - 9:15 a.m.
Deserialization of untrusted data
2022-04-1209:15:00
PRIOn knowledge base
www.prio-n.com
3
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simatic_energy_manager_basic | eq | 7.3 | |
| simatic_energy_manager_basic | lt | 7.3 | |
| simatic_energy_manager_pro | eq | 7.3 | |
| simatic_energy_manager_pro | lt | 7.3 |
Related
cve
cve
CVE-2022-23450
2022-04-12 09:15:14
cvelist
cvelist
CVE-2022-23450
2022-04-12 09:07:38
nvd
nvd
CVE-2022-23450
2022-04-12 09:15:14
ics
ics
Siemens SIMATIC Energy Manager
2022-04-14 12:00:00
thn
thn
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
2024-05-16 10:12:00