CVE-2024-9005

Summary

CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Power Monitoring Expert (PME)Version 2022 and prioraffected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References