A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command
('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to
access unauthorized content, change, or delete content, or perform unauthorized actions when
tampering with the alert settings of endpoints on DCE.
References
Configurations
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf - Vendor Advisory |
19 Jul 2023, 17:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:* | |
First Time |
Schneider-electric
Schneider-electric struxureware Data Center Expert |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf - Vendor Advisory |
12 Jul 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-12 07:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37196
Mitre link : CVE-2023-37196
CVE.ORG link : CVE-2023-37196
JSON object : View
Products Affected
schneider-electric
- struxureware_data_center_expert
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')