Vulnerabilities > Schneider Electric > Struxureware Data Center Expert > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-18	CVE-2023-25548	Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. network low complexity schneider-electric	6.5
2023-04-18	CVE-2023-25551	Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) network low complexity schneider-electric	6.1
2023-04-18	CVE-2023-25553	Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. network low complexity schneider-electric	6.1
2018-07-10	CVE-2018-3693	Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. local high complexity intel arm oracle schneider-electric netapp redhat fujitsu	5.6
2018-05-22	CVE-2018-3639	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. local low complexity intel arm redhat debian canonical siemens oracle mitel sonicwall schneider-electric nvidia microsoft CWE-203	5.5
2018-04-19	CVE-2018-2815	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). network low complexity oracle redhat debian canonical schneider-electric hp	5.3
2018-04-19	CVE-2018-2800	Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). network high complexity oracle redhat debian canonical schneider-electric hp	4.2
2018-04-19	CVE-2018-2799	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). network low complexity oracle redhat debian canonical hp schneider-electric apache	5.3
2018-04-19	CVE-2018-2798	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). network low complexity oracle redhat debian canonical hp schneider-electric	5.3
2018-04-19	CVE-2018-2797	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). network low complexity oracle redhat debian canonical hp schneider-electric	5.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.