Cyber Resilience

CVE-2024-12703

Severity: High

Published: 17 January 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS v4.0 score: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS score: 0.0137 (80.6th percentile)
Risk priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-12703 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Schneider Electric software (vendor inferred from the references; NVD has not filed a CPE). Its CVSS v4.0 base score is 8.5 (High); the CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK techniques Exploitation for Client Execution (T1203) and User Execution: Malicious File (T1204.002). With an EPSS score of 0.0137 it ranks in the top 19.4% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-12703 is a CWE-502 deserialization-of-untrusted-data flaw in the project-file handling of Schneider Electric software; the affected product is identified only in the vendor's security notice. Opening a crafted project file feeds attacker-controlled data to the deserializer, which can lead to loss of confidentiality and integrity and to code execution on the engineering workstation. The vendor describes this as potential remote code execution; note that the attack vector is local (AV:L), meaning the payload arrives as a file the user opens rather than over a network service. The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity and availability.

The attack scenario is a non-admin, authenticated user opening a malicious project file. The attacker does not need a foothold on the workstation: delivering the crafted file to the user and getting them to open it is sufficient, which is why user interaction is required and why ATT&CK maps this to user-driven malicious-file execution. Because deserialization reconstructs objects before the application has a chance to inspect their contents, any payload embedded in the file runs with the privileges of the user who opened it.

Mitigation details are provided in Schneider Electric's security advisory SEVD-2025-014-06, available at https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-06.pdf. Practitioners should consult that document for the affected versions, patching instructions and workarounds, and should treat project files from outside the organisation as untrusted input until the fix is deployed.


Vulnerability details

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file.

CWE(s)

CWE-502: Deserialization of Untrusted Data

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 User Execution: Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

Deserialization flaw in client software triggered by opening a malicious project file directly enables client-side exploitation and user-driven malicious file execution leading to RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One (shared CWE-502)

CVE-2025-60037
CVE-2026-24151
CVE-2025-33253
CVE-2024-12742
CVE-2026-22187
CVE-2025-60038
CVE-2026-24141
CVE-2026-31224
CVE-2025-33248
CVE-2025-60036

Affected Assets

Schneider Electric
Vendor inferred from the references and the description; NVD has not filed a CPE for this CVE, so the affected product and versions must be taken from the vendor advisory.

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Requires timely patching and flaw remediation to eliminate the deserialization vulnerability exploited by malicious project files.

SI-10 Information Input Validation (prevent)
Mandates validation of untrusted inputs such as project files before deserialization to block exploitation of CWE-502.

SI-3 Malicious Code Protection (prevent, detect)
Deploys malicious code protection mechanisms to scan and block project files containing deserialization payloads leading to code execution.
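The loader pattern behind CWE-502, and the two input-side controls above (SI-10 validation before deserialization, SI-3 scanning for executable content), as one added example. This is not Schneider Electric code and the page does not name the affected product or its project-file format, so a Python pickle stream stands in for the project file; ProjectFile, scan_pickle, load_project_unsafe, load_project_restricted and load_project_hardened are hypothetical names. The malicious sample is constructed here and its payload only returns the current process ID.

```python
"""CWE-502 in a project-file loader: the unsafe pattern and a hardened one.

Illustration only: the affected product and its project-file format are not
named on the page, so a Python pickle stream stands in for the project file
(hypothetical format). Every name here belongs to this example.
"""
import io
import pickle
import pickletools
from dataclasses import dataclass, field


@dataclass
class ProjectFile:
    """The only type a legitimate project file may carry (hypothetical)."""
    name: str
    tags: list = field(default_factory=list)


# Globals the loader may resolve. Anything else in the stream (builtins.eval,
# os.system, subprocess.Popen, ...) is refused before it can be called.
ALLOWED_GLOBALS = {(ProjectFile.__module__, "ProjectFile")}

# Opcodes that invoke a callable taken from the stream: REDUCE is
# callable(*args); INST and OBJ are the protocol 0/1 equivalents.
# A data-only file (NEWOBJ + BUILD on an allowed class) needs none of them.
CALL_OPCODES = {"REDUCE", "INST", "OBJ"}


class UntrustedProjectFile(pickle.UnpicklingError):
    """A project file referenced something outside ALLOWED_GLOBALS."""


class _MaliciousProject:
    """Constructed attacker object: its __reduce__ makes the unpickler call
    eval() on an attacker-chosen expression. The payload is kept benign."""
    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


def build_benign_project_file() -> bytes:
    """Constructed sample of a legitimate project file."""
    return pickle.dumps(ProjectFile("Pump station 3", ["hmi", "plc"]), protocol=4)


def build_malicious_project_file() -> bytes:
    """Constructed sample of a crafted project file."""
    return pickle.dumps(_MaliciousProject(), protocol=4)


def load_project_unsafe(data: bytes):
    """The vulnerable pattern: deserialize whatever the file contains.
    Attacker code runs inside pickle.loads, before the caller sees anything."""
    return pickle.loads(data)


@dataclass
class PickleReport:
    imports: set          # (module, name) pairs the stream would resolve
    call_opcodes: list    # call opcodes found, in stream order


def scan_pickle(data: bytes) -> PickleReport:
    """Pre-check (SI-10/SI-3): walk the opcode stream without executing it.
    The STACK_GLOBAL string pairing is a heuristic (memo lookups can confuse
    it), so treat this as a triage signal; the find_class allowlist below is
    the control that actually stops the payload."""
    imports, calls, strings = set(), [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif opcode.name == "GLOBAL":            # protocol 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            imports.add((module, name))
        elif opcode.name == "STACK_GLOBAL":      # protocol 4+: two preceding strings
            pair = tuple(strings[-2:])
            imports.add(pair if len(pair) == 2 else ("<unresolved>", "<unresolved>"))
        if opcode.name in CALL_OPCODES:
            calls.append(opcode.name)
    return PickleReport(imports, calls)


class _RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global not on the allowlist: eval is never resolved,
    so the REDUCE that would call it never runs."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise UntrustedProjectFile(f"refused global {module}.{name}")
        return super().find_class(module, name)


def load_project_restricted(data: bytes) -> ProjectFile:
    """Allowlisted deserialization on its own, without the pre-scan."""
    obj = _RestrictedUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, ProjectFile):
        raise UntrustedProjectFile("top-level object is not a ProjectFile")
    return obj


def load_project_hardened(data: bytes) -> ProjectFile:
    """Validate first, then deserialize under the allowlist (defence in depth)."""
    report = scan_pickle(data)
    if report.call_opcodes or not report.imports <= ALLOWED_GLOBALS:
        raise UntrustedProjectFile(
            f"rejected before deserialization: imports={sorted(report.imports)} "
            f"calls={report.call_opcodes}")
    return load_project_restricted(data)


if __name__ == "__main__":
    print("benign   :", scan_pickle(build_benign_project_file()))
    print("malicious:", scan_pickle(build_malicious_project_file()))
    print("unsafe loader returned:", load_project_unsafe(build_malicious_project_file()))
    try:
        load_project_hardened(build_malicious_project_file())
    except UntrustedProjectFile as exc:
        print("hardened loader:", exc)
```

The allowlist in find_class is the fix for this class of bug in any language that has an equivalent hook (a resolver or type binder in .NET and Java serializers plays the same role); the opcode scan is what an SI-3 style gate in front of a project-file share can do without loading the file at all. The more robust remedy is to stop using an object-graph serializer for project files and move to a data-only format validated against a schema, so there is no callable to resolve in the first place.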
