A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability exists that allows a local privilege escalation on the appliance
when a maliciously crafted Operating System command is entered on the device.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
Configurations
History
21 Nov 2024, 07:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf - Vendor Advisory |
Information
Published : 2023-04-18 21:15
Updated : 2024-11-21 07:49
NVD link : CVE-2023-25554
Mitre link : CVE-2023-25554
CVE.ORG link : CVE-2023-25554
JSON object : View
Products Affected
schneider-electric
- struxureware_data_center_expert
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')