CVE-2023-5391

Summary

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Power Monitoring ExpertAll versions – prior to application of Hotfix-145271affected
Schneider ElectricEcoStruxure Power Operation (EPO) with Advanced ReportsAll versions – prior to application of Hotfix-145271affected
Schneider ElectricEcoStruxure Power SCADA Operation with Advanced ReportsAll versions – prior to application of Hotfix-145271affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References