Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-2229

Published: 18/03/2024 Updated: 18/03/2024

Vulnerability Summary

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Design - Ecodial. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BinSerializer class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user.

ICS Advisories

https://ics-cert.us-cert.gov/advisories/e4032d871bfa86726341bef85b42f573
Critical Infrastructure Sectors: Commercial Facilities, Information Technology, Healthcare and Public Health, Critical Manufacturing, Transportation Systems, Energy, Chemical

References

CWE-502https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-02.pdfhttps://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-072-01https://www.zerodayinitiative.com/advisories/ZDI-24-354/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook