A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
allows for remote code execution when using a parameter of the DCE network settings
endpoint.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
Configurations
History
27 Apr 2023, 18:58
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf - Vendor Advisory | |
CPE | cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
18 Apr 2023, 21:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-18 21:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-25549
Mitre link : CVE-2023-25549
CVE.ORG link : CVE-2023-25549
JSON object : View
Products Affected
schneider-electric
- struxureware_data_center_expert
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')