cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-37199,https://securityvulnerability.io/vulnerability/CVE-2023-37199,,"A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.",Schneider Electric,Struxureware Data Center Expert,6.8,MEDIUM,0.0010600000387057662,false,false,false,false,,false,false,2023-07-12T08:15:00.000Z,0
CVE-2023-37198,https://securityvulnerability.io/vulnerability/CVE-2023-37198,,"A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.",Schneider Electric,Struxureware Data Center Expert,6.8,MEDIUM,0.0010600000387057662,false,false,false,false,,false,false,2023-07-12T07:15:00.000Z,0
CVE-2023-37197,https://securityvulnerability.io/vulnerability/CVE-2023-37197,SQL Injection Vulnerability in Schneider Electric's DCE,"An SQL Injection vulnerability exists in Schneider Electric's DCE that can be exploited by an authenticated user. This flaw enables the attacker to manipulate configuration settings, potentially allowing unauthorized access to sensitive content, alterations to existing data, or deletion of critical information. Users must be cautious as the manipulation of mass settings can lead to severe security breaches if left unaddressed.",Schneider Electric,Struxureware Data Center Expert,8.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2023-07-12T07:15:00.000Z,0
CVE-2023-37196,https://securityvulnerability.io/vulnerability/CVE-2023-37196,SQL Injection Vulnerability in DCE by Schneider Electric,"A vulnerability exists within Schneider Electric's DCE (Data Center Expert) that is characterized as an improper neutralization of special elements in an SQL command, commonly known as SQL injection. This flaw permits authenticated users to access unauthorized content, modify or delete data, and execute actions beyond their intended privileges when manipulating alert settings for endpoints in DCE.",Schneider Electric,Struxureware Data Center Expert,8.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2023-07-12T07:15:00.000Z,0
CVE-2023-25552,https://securityvulnerability.io/vulnerability/CVE-2023-25552,Missing Authorization Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"A missing authorization vulnerability has been identified in StruxureWare Data Center Expert, which could enable unauthorized users to view sensitive content, modify, or delete critical data. This issue arises from the manipulation of Device File Transfer settings on DCE endpoints, allowing potential adversaries to perform unauthorized actions. Users are advised to review their configurations and implement necessary security measures to mitigate exposure.",Schneider Electric,StruxureWare Data Center Expert,8.1,HIGH,0.000590000010561198,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2023-25553,https://securityvulnerability.io/vulnerability/CVE-2023-25553,,"A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)",Schneider Electric,StruxureWare Data Center Expert,6.1,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2023-25555,https://securityvulnerability.io/vulnerability/CVE-2023-25555,OS Command Injection Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"An OS Command Injection vulnerability exists in StruxureWare Data Center Expert, enabling authenticated users to execute unprivileged shell commands via SSH. This security flaw arises from improper handling of special elements, allowing an attacker with valid credentials to exploit the system. It is crucial for users to apply necessary security patches and mitigate potential risks connected with this vulnerability.",Schneider Electric,StruxureWare Data Center Expert,8.1,HIGH,0.001019999966956675,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2023-25547,https://securityvulnerability.io/vulnerability/CVE-2023-25547,Incorrect Authorization in StruxureWare Data Center Expert by Schneider Electric,"An incorrect authorization vulnerability has been identified in StruxureWare Data Center Expert, enabling attackers with limited privileges to execute remote code. This risk arises when malicious users exploit weaknesses in the system, allowing unauthorized operations during the upload and installation of packages. Proper security measures and updates are essential for safeguarding against potential exploitation.",Schneider Electric,StruxureWare Data Center Expert,8.8,HIGH,0.001509999972768128,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2023-25551,https://securityvulnerability.io/vulnerability/CVE-2023-25551,,"A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)",Schneider Electric,StruxureWare Data Center Expert,6.1,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2023-25554,https://securityvulnerability.io/vulnerability/CVE-2023-25554,OS Command Injection Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"An OS Command Injection vulnerability has been discovered in StruxureWare Data Center Expert that allows attackers to escalate their privileges locally by executing specially crafted operating system commands. This vulnerability highlights the importance of securing application inputs to prevent unauthorized command execution, which could potentially compromise the integrity and confidentiality of the affected system.",Schneider Electric,StruxureWare Data Center Expert,7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2023-25548,https://securityvulnerability.io/vulnerability/CVE-2023-25548,,"A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)",Schneider Electric,StruxureWare Data Center Expert,6.5,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2023-25549,https://securityvulnerability.io/vulnerability/CVE-2023-25549,Remote Code Execution Vulnerability in StruxureWare by Schneider Electric,"A vulnerability exists in StruxureWare Data Center Expert that enables attackers to execute arbitrary code remotely through improper control of the DCE network settings parameter. This flaw, categorized as CWE-94: Improper Control of Generation of Code ('Code Injection'), poses significant security risks, allowing unauthorized users to take control of the affected system. Effective measures should be implemented to mitigate these risks and secure your infrastructure.",Schneider Electric,StruxureWare Data Center Expert,9.8,CRITICAL,0.00279000005684793,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2023-25550,https://securityvulnerability.io/vulnerability/CVE-2023-25550,Code Injection Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"A code injection vulnerability exists in StruxureWare Data Center Expert that enables remote code execution through the manipulation of the 'hostname' parameter. Attackers can exploit this vulnerability by submitting specially crafted inputs, leading to unauthorized execution of arbitrary code within the affected system.",Schneider Electric,StruxureWare Data Center Expert,9.8,CRITICAL,0.00279000005684793,false,false,false,false,,false,false,2023-04-18T21:15:00.000Z,0
CVE-2021-22795,https://securityvulnerability.io/vulnerability/CVE-2021-22795,,A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior),Schneider Electric,Struxureware Data Center Expert,9.1,CRITICAL,0.0053900000639259815,false,false,false,false,,false,false,2022-04-13T16:15:00.000Z,0
CVE-2021-22794,https://securityvulnerability.io/vulnerability/CVE-2021-22794,,A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior),Schneider Electric,Struxureware Data Center Expert,9.1,CRITICAL,0.012620000168681145,false,false,false,false,,false,false,2022-04-13T16:15:00.000Z,0
CVE-2017-8371,https://securityvulnerability.io/vulnerability/CVE-2017-8371,,"Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.",Schneider Electric,Struxureware Data Center Expert,6.8,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2017-04-30T20:59:00.000Z,0