CVE-2017-8371

Published: Apr 30, 2017Modified: May 13, 2026

6.8

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.3 / Impact: 4.0

Source: NVD

Description

Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.

Affected (1)

Products: Schneider Electric: Struxureware Data Center Expert

Schneider Electric

1 product

Struxureware Data Center Expert

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Struxureware Data Center Expert	Up to 7.3.1

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01

Source: cve@mitre.org

MitigationPatchVendor Advisory

http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle

Source: cve@mitre.org

Third Party Advisory

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.