CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25552
https://notcve.org/view.php?id=CVE-2023-25552
18 Apr 2023 — A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device Fil... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25548
https://notcve.org/view.php?id=CVE-2023-25548
18 Apr 2023 — A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Cen... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-25547
https://notcve.org/view.php?id=CVE-2023-25547
18 Apr 2023 — A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-22794 – Schneider Electric Struxureware Data Center Expert Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22794
15 Sep 2021 — A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) Una CWE-22: Se presenta una vulnerabilidad de Limitación de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta ") que podría causar una ejecución de código remota. Producto afectado: StruxureWare Data Center Expert (versiones V7.8.1 y anteriores) This vulnerability allows remote att... • https://www.se.com/ww/en/download/document/SEVD-2021-257-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-22795 – Schneider Electric Struxureware Data Center Expert Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22795
15 Sep 2021 — A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) Una CWE-78: Se presenta una vulnerabilidad de Neutralización Inapropiada de Elementos Especiales Usados en un Comando del Sistema Operativo (" Inyección de Comandos del Sistema Operativo") que podría causar una ejecución de código remota cuando es ll... • https://www.se.com/ww/en/download/document/SEVD-2021-257-03 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1095EXPL: 0CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
10 Jul 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. ... • https://access.redhat.com/errata/RHSA-2018:2384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •