Описание
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.0 (включая)
cpe:2.3:a:schneider-electric:scadapack_x70_security_administrator:*:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00427
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-502
CWE-502
Связанные уязвимости
github
больше 3 лет назад
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer.
EPSS
Процентиль: 62%
0.00427
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-502
CWE-502