CVE-2023-25554

Name of the Vulnerable Software and Affected Versions StruxureWare Data Center Expert versions 7.9.2 and prior

Description A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists, allowing a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. This issue can be exploited by an attacker to elevate their privileges.

Recommendations For StruxureWare Data Center Expert versions 7.9.2 and prior, as a temporary workaround, consider restricting the ability to enter Operating System commands on the device until a patch is available. Additionally, limit access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.