CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ecostruxure_power_monitoring_expert | Schneider-electric | 2022 (including) | 2022 (including) |
| Ecostruxure_power_monitoring_expert | Schneider-electric | 2023 (including) | 2023 (including) |
| Ecostruxure_power_monitoring_expert | Schneider-electric | 2023-r2 (including) | 2023-r2 (including) |
| Ecostruxure_power_monitoring_expert | Schneider-electric | 2024 (including) | 2024 (including) |
| Ecostruxure_power_monitoring_expert | Schneider-electric | 2024-r2 (including) | 2024-r2 (including) |