PT-2023-1607 · Schneider Electric · Struxureware Data Center Expert

Published: 2023-02-14 · Updated: 2023-04-27 · CVE-2023-25548

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions prior to 7.9.2

Description: The issue is related to insufficient authorization procedures in the system, which could allow a remote attacker to execute arbitrary code. Specifically, it is a CWE-863: Incorrect Authorization vulnerability: specific endpoints are not properly secured, so a low-privileged user could gain access to device credentials through them.

Recommendations: For versions prior to 7.9.2, update to a version that includes the necessary security patches to address the authorization vulnerability. As a temporary workaround, consider restricting access to specific DCE endpoints to minimize the risk of exploitation.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2023-01103
CVE-2023-25548

Affected Products

Struxureware Data Center Expert