Struxureware Data Center Expert

struxureware_data_center_expert

CVEs (48)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-37199 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Jul 12, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
CVE-2023-37198 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Jul 12, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.
CVE-2023-37197 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Jul 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, ch...Show more A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE. Show less
CVE-2023-37196 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Jul 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, chan...Show more A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE. Show less
CVE-2023-25555 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell co...Show more A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2023-25554 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operatin...Show more A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2023-25553 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Aff...Show more A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2023-25552 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer sett...Show more A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2023-25551 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affec...Show more A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2023-25550 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered....Show more A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2023-25549 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected prod...Show more A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2023-25548 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected produc...Show more A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2023-25547 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Ce...Show more A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) Show less
CVE-2021-22795 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 13, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureW...Show more A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)Show less
CVE-2021-22794 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 13, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
CVE-2018-7807 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Nov 30, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via thi...Show more Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.Show less
CVE-2018-3693 7Arm FujitsuIntel+4 more 225Atom C Atom EAtom X3+222 more Nov 21, 2024 Jul 10, 2018 N/A· v4 5.6 MEDIUM· v3 4.7 MEDIUM· v2 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel...Show more Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.Show less
CVE-2018-1126 5Canonical DebianProcps Ng Project+2 more 10Debian Linux Enterprise LinuxEnterprise Linux Desktop+7 more Nov 21, 2024 May 23, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-1124 6Canonical DebianOpensuse+3 more 9Debian Linux Enterprise LinuxEnterprise Linux Desktop+6 more Nov 21, 2024 May 23, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs b...Show more procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.Show less
CVE-2018-3639 12Arm CanonicalDebian+9 more 282Atom C Atom EAtom X5 E3930+279 more May 29, 2026 May 22, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an atta...Show more Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.Show less

12 3 Next