Schneider-electric

Struxureware Data Center Expert

48 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2023-37199

  • EPSS 1.69%
  • Published 12.07.2023 08:15:10
  • Last modified 21.11.2024 08:11:10

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.

7.2

CVE-2023-37198

  • EPSS 1.64%
  • Published 12.07.2023 07:15:10
  • Last modified 21.11.2024 08:11:10

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.

8.8

CVE-2023-37197

  • EPSS 0.33%
  • Published 12.07.2023 07:15:10
  • Last modified 21.11.2024 08:11:10

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or pe...

8.8

CVE-2023-37196

  • EPSS 0.33%
  • Published 12.07.2023 07:15:10
  • Last modified 21.11.2024 08:11:10

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perf...

6.5

CVE-2023-25548

  • EPSS 0.32%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:42

A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center E...

8.8

CVE-2023-25547

  • EPSS 4.16%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:42

A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)...

9.8

CVE-2023-25549

  • EPSS 2.76%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:42

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center...

9.8

CVE-2023-25550

  • EPSS 2.76%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:42

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: Str...

6.1

CVE-2023-25551

  • EPSS 0.27%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:42

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Dat...

8.1

CVE-2023-25552

  • EPSS 0.22%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:42

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. A...