Vulnerability Details CVE-2023-5391
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted system by sending a specifically crafted packet to the
application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-5391
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2022
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.2
-
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0
-
cpe:2.3:a:schneider-electric:ecostruxure_power_operation_with_advanced_reports:-
-
cpe:2.3:a:schneider-electric:ecostruxure_power_scada_operation_with_advanced_reports:-