Schneider-electric

Struxureware Data Center Expert

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-25553

  • EPSS 0.38%
  • Veröffentlicht 18.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:49:43

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare D...

7.8

CVE-2023-25554

  • EPSS 0.14%
  • Veröffentlicht 18.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:49:43

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on...

8.1

CVE-2023-25555

  • EPSS 0.48%
  • Veröffentlicht 18.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:49:43

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over S...

9.8

CVE-2021-22795

  • EPSS 3.19%
  • Veröffentlicht 13.04.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 05:50:41

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1...

9.8

CVE-2021-22794

  • EPSS 3.73%
  • Veröffentlicht 13.04.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 05:50:41

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

8.8

CVE-2018-7807

  • EPSS 0.76%
  • Veröffentlicht 30.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:46

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain ...

5.6

CVE-2018-3693

  • EPSS 0.92%
  • Veröffentlicht 10.07.2018 21:29:01
  • Zuletzt bearbeitet 21.11.2024 04:05:53

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

9.8

CVE-2018-1126

Exploit
  • EPSS 0.3%
  • Veröffentlicht 23.05.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:14

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

7.8

CVE-2018-1124

Exploit
  • EPSS 0.43%
  • Veröffentlicht 23.05.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:13

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which co...

5.5

CVE-2018-3639

Exploit
  • EPSS 44.99%
  • Veröffentlicht 22.05.2018 12:29:00
  • Zuletzt bearbeitet 21.11.2024 04:05:48

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi...