Vulnerabilities > Schneider Electric > Struxureware Data Center Expert > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2018-07-10 | CVE-2018-3693 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | 4.7

2023-04-18 | CVE-2023-25548 | Incorrect Authorization vulnerability in Schneider-Electric Struxureware Data Center Expert | 6.5
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user.
network | low complexity | schneider-electric | CWE-863

2023-04-18 | CVE-2023-25551 | Cross-site Scripting vulnerability in Schneider-Electric Struxureware Data Center Expert | 6.1
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
network | low complexity | schneider-electric | CWE-79

2023-04-18 | CVE-2023-25553 | Cross-site Scripting vulnerability in Schneider-Electric Struxureware Data Center Expert | 6.1
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver.
network | low complexity | schneider-electric | CWE-79

2018-11-30 | CVE-2018-7807 | Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Expert | 6.5
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server.
network | low complexity | schneider-electric | CWE-22

2018-05-23 | CVE-2018-1124 | Integer Overflow or Wraparound vulnerability in multiple products | 4.6
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function.

2018-04-19 | CVE-2018-2815 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). | 5.3

2018-04-19 | CVE-2018-2800 | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). | 4.0

2018-04-19 | CVE-2018-2799 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). | 5.3

2018-04-19 | CVE-2018-2798 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). | 5.3