CVE Vulnerability

CVE-2019-6834

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.se.com/ww/en/download/document/SEVD-2019-225-06/ Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:schneider-electric:software_update:*:*:*:*:*:*:*:*
Information

Published : 2022-04-13 04:15

Updated : 2022-04-20 06:28

NVD link : CVE-2019-6834

Mitre link : CVE-2019-6834

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data