Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Struxureware_data_center_expert
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-13 | CVE-2021-22794 | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) | Struxureware_data_center_expert | 9.8 | ||
| 2022-04-13 | CVE-2021-22795 | A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) | Struxureware_data_center_expert | 9.8 | ||
| 2023-04-18 | CVE-2023-25547 | A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | Struxureware_data_center_expert | 8.8 | ||
| 2023-04-18 | CVE-2023-25548 | A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | Struxureware_data_center_expert | 6.5 | ||
| 2023-04-18 | CVE-2023-25549 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | Struxureware_data_center_expert | 9.8 |