Schneider-electric » Struxureware Data Center Expert : Security Vulnerabilities, CVEs, (Code Execution) CVSS score >= 9
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
allows remote code execution via the “hostname” parameter when maliciously crafted hostname
syntax is entered.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS: 9.8
EPSS Score: 0.25%
Published: 2023-04-18
Updated: 2023-04-27
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
allows for remote code execution when using a parameter of the DCE network settings
endpoint.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS: 9.8
EPSS Score: 0.25%
Published: 2023-04-18
Updated: 2023-04-27
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Max CVSS: 9.8
EPSS Score: 0.36%
Published: 2022-04-13
Updated: 2022-04-20
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
Max CVSS: 9.8
EPSS Score: 0.50%
Published: 2022-04-13
Updated: 2022-04-20
4 vulnerabilities found