Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric struxureware data center expert vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-22794
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Schneider-electric Struxureware Data Center Expert
9.8
CVSSv3
CVE-2021-22795
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Schneider-electric Struxureware Data Center Expert
8.8
CVSSv3
CVE-2018-7807
Data Center Expert, versions 7.5.0 and previous versions, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file ...
Schneider-electric Struxureware Data Center Expert
6.8
CVSSv3
CVE-2017-8371
Schneider Electric StruxureWare Data Center Expert prior to 7.4.0 uses cleartext RAM storage for passwords, which might allow remote malicious users to obtain sensitive information via unspecified vectors.
Schneider-electric Struxureware Data Center Expert
8.8
CVSSv3
CVE-2023-37196
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized act...
Schneider-electric Struxureware Data Center Expert
8.8
CVSSv3
CVE-2023-37197
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized act...
Schneider-electric Struxureware Data Center Expert
7.2
CVSSv3
CVE-2023-37198
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.
Schneider-electric Struxureware Data Center Expert
7.2
CVSSv3
CVE-2023-37199
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
Schneider-electric Struxureware Data Center Expert
8.8
CVSSv3
CVE-2023-25547
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
6.5
CVSSv3
CVE-2023-25548
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »