A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
allows for remote code execution when using a parameter of the DCE network settings
endpoint.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
Configurations
History
21 Nov 2024, 07:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
Information
Published : 2023-04-18 21:15
Updated : 2024-11-21 07:49
NVD link : CVE-2023-25549
Mitre link : CVE-2023-25549
CVE.ORG link : CVE-2023-25549
JSON object : View
Products Affected
schneider-electric
- struxureware_data_center_expert
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')