434 matches found
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25548
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
Code injection
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
Authorization
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert V7.9.2...
CVE-2023-25553
CVE-2023-25553 affects Schneider Electric StruxureWare Data Center Expert
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25551
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25551
Summary of CVE-2023-25551 (CWE-79, XSS): A cross-site scripting vulnerability exists in Schneider Electric StruxureWare Data Center Expert (DCE) file upload endpoint, exploitable by tampering with HTTP parameters. Affected products: StruxureWare Data Center Expert (versions prior to 7.9.2). Root...
CVE-2023-25549
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25552
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert V7.9.2...
CVE-2023-25548
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
K21312421: Samba vulnerabilities CVE-2020-25718 and CVE-2021-23192
Security Advisory Description. CVE-2020-25718: A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. CVE-2021-23192: A flaw was found in the way samba implemented...
SUSE CVE-2003-0428
Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string...
SUSE CVE-2006-5276
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic...
CVE-2022-32519
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert Versions prior to V7.9.0...
CVE-2022-32518
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert Versions prior to V7.9.0...
Design/Logic Flaw
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert Versions prior to V7.9.0...
Design/Logic Flaw
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert Versions prior to V7.9.0...