Lucene search

K
cvelistSchneiderCVELIST:CVE-2023-25551
HistoryApr 18, 2023 - 8:37 p.m.

CVE-2023-25551

2023-04-1820:37:23
CWE-79
schneider
www.cve.org
cwe-79
dce file upload
http parameters

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

18.3%

A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site
Scripting’) vulnerability exists on a DCE file upload endpoint when tampering with parameters
over HTTP.

Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "StruxureWare Data Center Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "V7.9.2",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

18.3%

Related for CVELIST:CVE-2023-25551