Schneider-electric

Struxureware Data Center Expert

48 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-25553

  • EPSS 0.38%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:43

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare D...

7.8

CVE-2023-25554

  • EPSS 0.14%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:43

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on...

8.1

CVE-2023-25555

  • EPSS 0.48%
  • Published 18.04.2023 21:15:08
  • Last modified 21.11.2024 07:49:43

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over S...

9.8

CVE-2021-22795

  • EPSS 3.19%
  • Published 13.04.2022 16:15:09
  • Last modified 21.11.2024 05:50:41

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1...

9.8

CVE-2021-22794

  • EPSS 3.73%
  • Published 13.04.2022 16:15:09
  • Last modified 21.11.2024 05:50:41

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

8.8

CVE-2018-7807

  • EPSS 0.76%
  • Published 30.11.2018 19:29:00
  • Last modified 21.11.2024 04:12:46

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain ...

5.6

CVE-2018-3693

  • EPSS 0.92%
  • Published 10.07.2018 21:29:01
  • Last modified 21.11.2024 04:05:53

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

9.8

CVE-2018-1126

Exploit
  • EPSS 0.3%
  • Published 23.05.2018 13:29:00
  • Last modified 21.11.2024 03:59:14

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

7.8

CVE-2018-1124

Exploit
  • EPSS 0.43%
  • Published 23.05.2018 13:29:00
  • Last modified 21.11.2024 03:59:13

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which co...

5.5

CVE-2018-3639

Exploit
  • EPSS 44.99%
  • Published 22.05.2018 12:29:00
  • Last modified 21.11.2024 04:05:48

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi...