CVE-2023-5391 – Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2023-5391

04 Oct 2023 — A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. CWE-502: Existe una vulnerabilidad deserialización de datos no confiables que podría permitir a un atacante ejecutar código arbitrario en el sistema objetivo enviando un paquete específicamente manipulado a la aplicación. This vulnerability allows remote attackers to execute arbitrary code on affected inst... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-02.pdf • CWE-502: Deserialization of Untrusted Data •