Vulnerabilities > Schneider Electric > Struxureware Data Center Expert > 7.9.3

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2023-37199 Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
network
low complexity
schneider-electric
7.2
2023-07-12 CVE-2023-37196 SQL Injection vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.
network
low complexity
schneider-electric CWE-89
8.8
2023-07-12 CVE-2023-37197 Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.
network
low complexity
schneider-electric
8.8
2023-07-12 CVE-2023-37198 Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.
network
low complexity
schneider-electric
7.2