CVE-2024-9005

EUVD-2024-49659
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
schneider_electricecostruxure_power_monitoring_expert
𝑥
< 2022
ADP
Common Weakness Enumeration
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-05.pdf