PT-2023-1418 · Schneider Electric · StruxureWare Data Center Expert
Published 2023-02-14 · Updated 2023-04-27
CVE-2023-25547
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
StruxureWare Data Center Expert versions prior to 7.9.2
Description
A vulnerability exists that could allow remote code execution through the upload and installation of packages by an attacker using a low-privileged user account. The issue is related to incorrect authorization, which may enable a remote attacker to execute arbitrary code.
Recommendations
For versions prior to 7.9.2, update to a version that includes the fix for this issue to prevent remote code execution.
As a temporary workaround, consider restricting access to the package upload and installation features to minimize the risk of exploitation.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
StruxureWare Data Center Expert