Schneider-electric » Struxureware Data Center Expert : Security Vulnerabilities, CVEs, (Code Execution) CVSS score >= 9

CVE-2023-25550

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS
9.8
EPSS Score
0.25%
Published
2023-04-18
Updated
2023-04-27

CVE-2023-25549

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS
9.8
EPSS Score
0.25%
Published
2023-04-18
Updated
2023-04-27

CVE-2021-22795

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Max CVSS
9.8
EPSS Score
0.36%
Published
2022-04-13
Updated
2022-04-20

CVE-2021-22794

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Max CVSS
9.8
EPSS Score
0.50%
Published
2022-04-13
Updated
2022-04-20
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close