cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37199,https://securityvulnerability.io/vulnerability/CVE-2023-37199,Code Injection Vulnerability in Schneider Electric DCE Product,"A vulnerability exists within Schneider Electric's DCE product that allows an admin user to execute arbitrary code remotely due to improper handling of backup restoration processes. When backups are tampered with and manually restored, this can lead to exploitation, enabling threat actors to potentially compromise system integrity.",Schneider Electric,Struxureware Data Center Expert,6.8,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2023-07-12T08:15:00.000Z,0
CVE-2023-37198,https://securityvulnerability.io/vulnerability/CVE-2023-37198,Code Injection Vulnerability in DCE by Schneider Electric,"A vulnerability exists in Schneider Electric's DCE that allows an admin user to upload or manipulate install packages, leading to a risk of remote code execution. The flaw is categorized as a code injection issue, which could be exploited by an attacker to execute arbitrary code within the application. This vulnerability places a significant risk on systems utilizing vulnerable versions of the product, highlighting the need for immediate mitigation and patching.",Schneider Electric,Struxureware Data Center Expert,6.8,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2023-07-12T07:15:00.000Z,0
CVE-2023-37196,https://securityvulnerability.io/vulnerability/CVE-2023-37196,SQL Injection Vulnerability in DCE by Schneider Electric,"A vulnerability exists within Schneider Electric's DCE (Data Center Expert) that is characterized as an improper neutralization of special elements in an SQL command, commonly known as SQL injection. This flaw permits authenticated users to access unauthorized content, modify or delete data, and execute actions beyond their intended privileges when manipulating alert settings for endpoints in DCE.",Schneider Electric,Struxureware Data Center Expert,8.8,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-07-12T07:15:00.000Z,0
CVE-2023-37197,https://securityvulnerability.io/vulnerability/CVE-2023-37197,SQL Injection Vulnerability in Schneider Electric's DCE,"An SQL Injection vulnerability exists in Schneider Electric's DCE that can be exploited by an authenticated user. This flaw enables the attacker to manipulate configuration settings, potentially allowing unauthorized access to sensitive content, alterations to existing data, or deletion of critical information. Users must be cautious as the manipulation of mass settings can lead to severe security breaches if left unaddressed.",Schneider Electric,Struxureware Data Center Expert,8.8,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-07-12T07:15:00.000Z,0
CVE-2023-25547,https://securityvulnerability.io/vulnerability/CVE-2023-25547,Incorrect Authorization in StruxureWare Data Center Expert by Schneider Electric,"An incorrect authorization vulnerability has been identified in StruxureWare Data Center Expert, enabling attackers with limited privileges to execute remote code. This risk arises when malicious users exploit weaknesses in the system, allowing unauthorized operations during the upload and installation of packages. Proper security measures and updates are essential for safeguarding against potential exploitation.",Schneider Electric,Struxureware Data Center Expert,8.8,HIGH,0.001509999972768128,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2023-25553,https://securityvulnerability.io/vulnerability/CVE-2023-25553,Cross-site Scripting Vulnerability in StruxureWare by Schneider Electric,"A cross-site scripting vulnerability has been identified in the logging capabilities of the webserver for StruxureWare Data Center Expert. This vulnerability arises from the improper neutralization of input, enabling attackers to inject malicious scripts that could be executed in a user's browser. Exploiting this flaw could allow an attacker to manipulate web sessions, steal cookies, or perform unauthorized actions on behalf of the user. It is essential for users of affected versions to implement security measures to mitigate this risk.",Schneider Electric,Struxureware Data Center Expert,6.1,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2023-25554,https://securityvulnerability.io/vulnerability/CVE-2023-25554,OS Command Injection Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"An OS Command Injection vulnerability has been discovered in StruxureWare Data Center Expert that allows attackers to escalate their privileges locally by executing specially crafted operating system commands. This vulnerability highlights the importance of securing application inputs to prevent unauthorized command execution, which could potentially compromise the integrity and confidentiality of the affected system.",Schneider Electric,Struxureware Data Center Expert,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2023-25555,https://securityvulnerability.io/vulnerability/CVE-2023-25555,OS Command Injection Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"An OS Command Injection vulnerability exists in StruxureWare Data Center Expert, enabling authenticated users to execute unprivileged shell commands via SSH. This security flaw arises from improper handling of special elements, allowing an attacker with valid credentials to exploit the system. It is crucial for users to apply necessary security patches and mitigate potential risks connected with this vulnerability.",Schneider Electric,Struxureware Data Center Expert,5.6,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2023-25550,https://securityvulnerability.io/vulnerability/CVE-2023-25550,Code Injection Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"A code injection vulnerability exists in StruxureWare Data Center Expert that enables remote code execution through the manipulation of the 'hostname' parameter. Attackers can exploit this vulnerability by submitting specially crafted inputs, leading to unauthorized execution of arbitrary code within the affected system.",Schneider Electric,Struxureware Data Center Expert,7.2,HIGH,0.00279000005684793,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2023-25551,https://securityvulnerability.io/vulnerability/CVE-2023-25551,Cross-Site Scripting Vulnerability in StruxureWare Data Center Expert from Schneider Electric,"A Cross-Site Scripting vulnerability has been identified in the StruxureWare Data Center Expert, specifically on the DCE file upload endpoint. The vulnerability arises due to improper neutralization of user input parameters during web page generation, allowing for potential manipulation of the application by an attacker. By exploiting this flaw, attackers could execute arbitrary scripts in the context of the user’s session, which may lead to unauthorized access or data exposure.",Schneider Electric,Struxureware Data Center Expert,6.1,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2023-25552,https://securityvulnerability.io/vulnerability/CVE-2023-25552,Missing Authorization Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"A missing authorization vulnerability has been identified in StruxureWare Data Center Expert, which could enable unauthorized users to view sensitive content, modify, or delete critical data. This issue arises from the manipulation of Device File Transfer settings on DCE endpoints, allowing potential adversaries to perform unauthorized actions. Users are advised to review their configurations and implement necessary security measures to mitigate exposure.",Schneider Electric,StruxureWare Data Center Expert,8.1,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2023-25548,https://securityvulnerability.io/vulnerability/CVE-2023-25548,Authorization Bypass Vulnerability in StruxureWare Data Center Expert from Schneider Electric,"A vulnerability has been identified in StruxureWare Data Center Expert that allows low privileged users to access sensitive device credentials. This weakness arises from insufficient security measures on specific DCE endpoints, potentially leading to unauthorized access. Organizations utilizing earlier versions of the software should address this issue to ensure proper security controls are in place to protect against unauthorized credential access.",Schneider Electric,StruxureWare Data Center Expert,6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2023-25549,https://securityvulnerability.io/vulnerability/CVE-2023-25549,Remote Code Execution Vulnerability in StruxureWare by Schneider Electric,"A vulnerability exists in StruxureWare Data Center Expert that enables attackers to execute arbitrary code remotely through improper control of the DCE network settings parameter. This flaw, categorized as CWE-94: Improper Control of Generation of Code ('Code Injection'), poses significant security risks, allowing unauthorized users to take control of the affected system. Effective measures should be implemented to mitigate these risks and secure your infrastructure.",Schneider Electric,StruxureWare Data Center Expert,9.8,CRITICAL,0.00279000005684793,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2021-22794,https://securityvulnerability.io/vulnerability/CVE-2021-22794,Path Traversal Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"A path traversal vulnerability has been identified in StruxureWare Data Center Expert, which allows attackers to manipulate file paths and gain unauthorized access to the system. This flaw can lead to remote code execution, enabling malicious actors to execute arbitrary code on the affected server. Users of StruxureWare Data Center Expert should promptly apply available patches to mitigate the risks associated with this severe security issue.",Schneider Electric,Struxureware Data Center Expert,9.1,CRITICAL,0.012620000168681145,false,,false,false,false,,,false,false,,2022-04-13T16:15:00.000Z,0
CVE-2021-22795,https://securityvulnerability.io/vulnerability/CVE-2021-22795,OS Command Injection Vulnerability in StruxureWare Data Center Expert by Schneider Electric,"A vulnerability exists in StruxureWare Data Center Expert that allows for OS command injection, enabling attackers to execute arbitrary commands remotely. This issue arises from inadequate sanitization of input, posing significant risks to the integrity and confidentiality of the managed systems. It is crucial for users of versions V7.8.1 and earlier to assess their exposure and apply necessary patches to mitigate potential threats.",Schneider Electric,Struxureware Data Center Expert,9.1,CRITICAL,0.0053900000639259815,false,,false,false,false,,,false,false,,2022-04-13T16:15:00.000Z,0
CVE-2017-8371,https://securityvulnerability.io/vulnerability/CVE-2017-8371,,"Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.",Schneider Electric,Struxureware Data Center Expert,6.8,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2017-04-30T20:59:00.000Z,0