Vulnerability Details CVE-2022-23450
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.333
EPSS Ranking 96.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2022-23450
-
cpe:2.3:a:siemens:simatic_energy_manager_basic:*
-
cpe:2.3:a:siemens:simatic_energy_manager_basic:7.3
-
cpe:2.3:a:siemens:simatic_energy_manager_pro:*
-
cpe:2.3:a:siemens:simatic_energy_manager_pro:7.3