A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command
('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to
access unauthorized content, change, or delete content, or perform unauthorized actions when
tampering with the mass configuration settings of endpoints on DCE.
References
Configurations
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf - Vendor Advisory |
19 Jul 2023, 17:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:* | |
First Time |
Schneider-electric
Schneider-electric struxureware Data Center Expert |
|
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf - Vendor Advisory |
12 Jul 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-12 07:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37197
Mitre link : CVE-2023-37197
CVE.ORG link : CVE-2023-37197
JSON object : View
Products Affected
schneider-electric
- struxureware_data_center_expert
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')