CVE-2022-23450
The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.
Risk Information
- CVE ID
- CVE-2022-23450
- Vendor
- Siemens
- Product
- SIMATIC Energy Manager
- CVSS v3
- 10