Lucene search
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)ZDI-24-354HistoryMar 28, 2024 - 12:00 a.m.
Schneider Electric EcoStruxure Power Design - Ecodial BinSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability
2024-03-2800:00:00
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
www.zerodayinitiative.com
12
schneider electric
power design
ecodial
binserializer
deserialization
vulnerability
remote code execution
user interaction
validation
untrusted data
current user context
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Design - Ecodial. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BinSerializer class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user.
Related
cvelist
cvelist
CVE-2024-2229
2024-03-18 16:08:33
cve
cve
CVE-2024-2229
2024-03-18 16:15:09
nvd
nvd
CVE-2024-2229
2024-03-18 16:15:09
ics
ics
Schneider Electric EcoStruxure Power Design
2024-03-12 12:00:00
vulnrichment
vulnrichment
CVE-2024-2229
2024-03-18 16:08:33