CVE-2021-22794

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...

CVE-2021-22795

A CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...

EUVD-2023-29504

Malicious code in bioql PyPI...

EUVD-2021-9930

Malicious code in bioql PyPI...

EUVD-2023-29505

Malicious code in bioql PyPI...

EUVD-2023-29506

Malicious code in bioql PyPI...

EUVD-2023-29507

Malicious code in bioql PyPI...

EUVD-2023-29502

Malicious code in bioql PyPI...

EUVD-2021-9929

Malicious code in bioql PyPI...

EUVD-2023-29499

Malicious code in bioql PyPI...

EUVD-2023-29503

Malicious code in bioql PyPI...

EUVD-2023-29501

Malicious code in bioql PyPI...

The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, arises from the lack of measures taken to protect the SQL query structure. This allows attackers to modify or delete any content they desire.

The vulnerability of the StruxureWare Data Center Expert monitoring system relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to modify or delete any content at will...

Schneider Electric StruxureWare Data Center Expert 代码注入漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A code...

Schneider Electric StruxureWare Data Center Expert SQL注入漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A SQL...

Schneider Electric StruxureWare Data Center Expert Access Control Error Vulnerability (CNVD-2023-37594)

Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An access control error vulnerability...

Schneider Electric StruxureWare Data Center Expert Access Control Error Vulnerability

Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An access control error vulnerability...

CVE-2023-25549

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

CVE-2023-25553

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

CVE-2023-25555

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert V7.9.2 an...