A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2019-225-06/ | Vendor Advisory |
Configurations
History
20 Apr 2022, 18:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Schneider-electric
Schneider-electric software Update |
|
CPE | cpe:2.3:a:schneider-electric:software_update:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 7.8 |
References | (MISC) https://www.se.com/ww/en/download/document/SEVD-2019-225-06/ - Vendor Advisory |
13 Apr 2022, 16:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-13 16:15
Updated : 2023-12-10 14:22
NVD link : CVE-2019-6834
Mitre link : CVE-2019-6834
CVE.ORG link : CVE-2019-6834
JSON object : View
Products Affected
schneider-electric
- software_update
CWE
CWE-502
Deserialization of Untrusted Data