CVE-2022-32518
https://notcve.org/view.php?id=CVE-2022-32518
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04 • CWE-522: Insufficiently Protected Credentials
CVE-2022-32520
https://notcve.org/view.php?id=CVE-2022-32520
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04 • CWE-522: Insufficiently Protected Credentials
CVE-2022-32519
https://notcve.org/view.php?id=CVE-2022-32519
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04 • CWE-257: Storing Passwords in a Recoverable Format • CWE-522: Insufficiently Protected Credentials
CVE-2022-32521
https://notcve.org/view.php?id=CVE-2022-32521
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04 • CWE-502: Deserialization of Untrusted Data
CVE-2021-22794 – Schneider Electric Struxureware Data Center Expert Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22794
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Struxureware Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.se.com/ww/en/download/document/SEVD-2021-257-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')