CVE-2023-3001

CWE-502 — Deserialization of Untrusted Data CWE-595 documents5 sources

Severity

7.8HIGH

EPSS

3.1%

top 13.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Igss Dashboard Schneider Electric Igss Dashboard (dashboard.exe)

Timeline

PublishedJun 14

Description

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDschneider-electric/igss_dashboard< 16.0.0.23131

▶CVEListV5schneider_electric/igss_dashboard_(dashboard.exe)v16.0.0.23130 and prior

🔴Vulnerability Details

GHSA

GHSA-r5pf-h3vv-f4pr: A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data↗2023-06-14

▶

CVEList

CVE-2023-3001: A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data↗2023-06-14

▶

📄Research Papers

CTF

FullPwn / Survivor↗2024

▶