Lucene search

Schneider-electric Struxureware Data Center Expert

9 matches found

CVE
added 2023/04/18 9:15 p.m. | 39 views

CVE-2023-25549

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 9.8 | AI score 9.7 | EPSS 0.02755
CVE
added 2023/04/18 9:15 p.m. | 38 views

CVE-2023-25547

A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 8.8 | AI score 8.7 | EPSS 0.04157
CVE
added 2023/04/18 9:15 p.m. | 38 views

CVE-2023-25552

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 an...

CVSS 8.1 | AI score 8 | EPSS 0.00222
CVE
added 2023/04/18 9:15 p.m. | 37 views

CVE-2023-25548

A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 8.8 | AI score 6.4 | EPSS 0.00318
CVE
added 2023/04/18 9:15 p.m. | 34 views

CVE-2023-25554

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center...

CVSS 7.8 | AI score 7.8 | EPSS 0.00135
CVE
added 2023/04/18 9:15 p.m. | 32 views

CVE-2023-25555

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and...

CVSS 8.1 | AI score 8.1 | EPSS 0.00475
CVE
added 2023/04/18 9:15 p.m. | 30 views

CVE-2023-25550

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 9.8 | AI score 9.7 | EPSS 0.02755
CVE
added 2023/04/18 9:15 p.m. | 28 views

CVE-2023-25553

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 6.1 | AI score 6.3 | EPSS 0.00376
CVE
added 2023/04/18 9:15 p.m. | 27 views

CVE-2023-25551

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 6.1 | AI score 6.3 | EPSS 0.00274