Schneider-electric » Struxureware Data Center Expert : Security Vulnerabilities, CVEs, (Code Execution) CVSS score >= 4
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
could cause remote code execution when an admin user on DCE tampers with backups which
are then manually restored.
Max CVSS
7.2
EPSS Score
0.08%
Published
2023-07-12
Updated
2023-07-20
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
could cause remote code execution when an admin user on DCE uploads or tampers with install
packages.
Max CVSS
7.2
EPSS Score
0.08%
Published
2023-07-12
Updated
2023-07-19
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
allows remote code execution via the “hostname” parameter when maliciously crafted hostname
syntax is entered.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS
9.8
EPSS Score
0.34%
Published
2023-04-18
Updated
2023-04-27
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
allows for remote code execution when using a parameter of the DCE network settings
endpoint.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS
9.8
EPSS Score
0.34%
Published
2023-04-18
Updated
2023-04-27
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution
on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS
8.8
EPSS Score
0.14%
Published
2023-04-18
Updated
2023-04-27
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Max CVSS
9.8
EPSS Score
0.36%
Published
2022-04-13
Updated
2022-04-20
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Max CVSS
9.8
EPSS Score
0.50%
Published
2022-04-13
Updated
2022-04-20
7 vulnerabilities found