Lucene search
+L

152 matches found

CNNVD
CNNVD
added 2023/04/18 12:0 a.m.9 views

Schneider Electric StruxureWare Data Center Expert 安全漏洞

Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An access control error vulnerability...

8.8CVSS7.8AI score0.00935EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/13 12:0 a.m.30 views

Schneider Electric Struxureware Building Operations Improper Access Control (CVE-2016-2278)

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism. This plugin only works with Tenable.ot. Please...

9CVSS7.3AI score0.13426EPSS
Exploits7References4
BDU FSTEC
BDU FSTEC
added 2023/03/06 12:0 a.m.10 views

The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, is related to deficiencies in the authentication process, allowing a perpetrator to execute arbitrary codes.

The vulnerability of the StruxureWare Data Center Expert monitoring system is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

9CVSS7AI score0.00549EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/21 12:0 a.m.12 views

The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, related to errors during maintenance by one user on devices owned by another user, allows a violator to execute arbitrary code.

The vulnerability of the StruxureWare Data Center Expert monitoring system is related to errors that occur when one user maintains devices owned by another user. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS8AI score0.00935EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.11 views

The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, arises due to the lack of measures taken to protect the structure of the web page. This vulnerability allows attackers to carry out XSS attacks.

The vulnerability of the StruxureWare Data Center Expert monitoring system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

8.5CVSS6.3AI score0.00392EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.8 views

The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, arises due to the failure to take measures to neutralize special elements used in the operating system’s command set. This allows a perpetrator to increase their privileges.

The vulnerability of the StruxureWare Data Center Expert monitoring system exists because measures to neutralize special elements used in the operating system have not been taken. Exploiting this vulnerability can allow attackers to increase their privileges...

7.8CVSS7.2AI score0.00609EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.7 views

The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, arises due to the failure to take measures to neutralize special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary commands.

The vulnerability of the StruxureWare Data Center Expert monitoring system exists because measures to neutralize special elements used in the operating system have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via the SSH protocol remotely...

7.5CVSS7.8AI score0.0085EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.7 views

PT-2023-3273 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions prior to 7.9.2 Description: A code injection issue exists, allowing for remote code execution when using a parameter of the DCE network settings endpoint. This could enable a remote attacker to execute...

10CVSS9.8AI score0.01182EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.13 views

PT-2023-3272 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions prior to 7.9.2 Description: The issue is related to improper control of code generation, allowing remote code execution via the hostname parameter when maliciously crafted hostname syntax is entered...

10CVSS9.9AI score0.01182EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.5 views

PT-2023-1607 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions prior to 7.9.2 Description: The issue is related to insufficient authorization procedures in the system, allowing a remote attacker to potentially execute arbitrary code. Specifically, it involves a...

9CVSS7.2AI score0.00549EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.7 views

PT-2023-1391 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions 7.9.2 and prior Description: A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow a user that knows the credentials t...

8.1CVSS8.2AI score0.0085EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.6 views

PT-2023-1418 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions prior to 7.9.2 Description: A vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. The issue is related to...

9CVSS9AI score0.00935EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.4 views

PT-2023-3274 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions prior to 7.9.2 Description: The issue is related to insufficient protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting attack in the DCE file upload endpoin...

7.7CVSS6AI score0.00397EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.5 views

Schneider Electric StruxureWare Data Center Expert 安全漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A...

9.8CVSS8.3AI score0.00532EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.4 views

Schneider Electric StruxureWare Data Center Expert 安全漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A...

9.8CVSS8.3AI score0.00532EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.4 views

Schneider Electric StruxureWare Data Center Expert 代码问题漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A code...

8.8CVSS8.8AI score0.00537EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.8 views

Schneider Electric StruxureWare Data Center Expert 安全漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A...

9.8CVSS8.4AI score0.00472EPSS
Exploits0References2
NVD
NVD
added 2022/04/13 4:15 p.m.40 views

CVE-2021-22795

A CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...

9.8CVSS0.03083EPSS
Exploits0References1
OSV
OSV
added 2022/04/13 4:15 p.m.3 views

CVE-2021-22795

A CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...

9.8CVSS7.8AI score0.03083EPSS
Exploits0References1
NVD
NVD
added 2022/04/13 4:15 p.m.36 views

CVE-2021-22794

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...

9.8CVSS0.02083EPSS
Exploits0References1
Rows per page
Query Builder