CVE-2023-25555

Name of the Vulnerable Software and Affected Versions StruxureWare Data Center Expert versions 7.9.2 and prior

Description A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH.

Recommendations For StruxureWare Data Center Expert versions 7.9.2 and prior, consider disabling SSH access until a patch is available. Restrict access to the appliance to minimize the risk of exploitation. Avoid using the appliance for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.