Schneider-electric

Struxureware Data Center Expert

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.23%
  • Veröffentlicht 09.06.2026 14:41:56
  • Zuletzt bearbeitet 23.06.2026 15:04:05

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP servi...

  • EPSS 0.75%
  • Veröffentlicht 12.07.2023 08:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:10

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.

  • EPSS 0.75%
  • Veröffentlicht 12.07.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:10

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.

  • EPSS 0.5%
  • Veröffentlicht 12.07.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:10

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or pe...

  • EPSS 0.5%
  • Veröffentlicht 12.07.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:10

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perf...

  • EPSS 1.18%
  • Veröffentlicht 18.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:49:42

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center...

  • EPSS 0.94%
  • Veröffentlicht 18.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:49:42

A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)...

  • EPSS 0.55%
  • Veröffentlicht 18.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:49:42

A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center E...

  • EPSS 1.18%
  • Veröffentlicht 18.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:49:42

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: Str...

  • EPSS 0.4%
  • Veröffentlicht 18.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:49:42

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Dat...