CVE-2023-37196

Name of the Vulnerable Software and Affected Versions StruxureWare Data Center Expert (affected versions not specified)

Description The issue is related to a possibility of command injection, which could allow a remote attacker to execute arbitrary code. It is also described as an SQL Injection vulnerability, where a user already authenticated on the system could access unauthorized content, change or delete content, or perform unauthorized actions by tampering with the alert settings of endpoints.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.