Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric struxureware data center expert vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected pr...
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25555
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWar...
Schneider-electric Struxureware Data Center Expert
668
VMScore
CVE-2021-22794
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Schneider-electric Struxureware Data Center Expert
668
VMScore
CVE-2021-22795
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Schneider-electric Struxureware Data Center Expert
578
VMScore
CVE-2018-7807
Data Center Expert, versions 7.5.0 and previous versions, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file ...
Schneider-electric Struxureware Data Center Expert
356
VMScore
CVE-2017-8371
Schneider Electric StruxureWare Data Center Expert prior to 7.4.0 uses cleartext RAM storage for passwords, which might allow remote malicious users to obtain sensitive information via unspecified vectors.
Schneider-electric Struxureware Data Center Expert
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2