Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric struxureware data center expert vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-8371
Schneider Electric StruxureWare Data Center Expert prior to 7.4.0 uses cleartext RAM storage for passwords, which might allow remote malicious users to obtain sensitive information via unspecified vectors.
Schneider-electric Struxureware Data Center Expert
6.5
CVSSv2
CVE-2018-7807
Data Center Expert, versions 7.5.0 and previous versions, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file ...
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25549
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25550
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (...
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25555
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWar...
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25548
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2