Deserialization in Schneider Electric Ecostruxure Power Monitoring Expert (Pme)

CVE-2024-9005

CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.

Vulnerability class: Insecure Deserialization

EPSS: 0.003 (24.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References