CVE-2023-25552

Name of the Vulnerable Software and Affected Versions StruxureWare Data Center Expert versions prior to 7.9.2

Description The issue is related to insufficient authorization procedures in the system, allowing a remote attacker to perform unauthorized functions, modify, or delete arbitrary content. This can be achieved by tampering with the Device File Transfer settings on DCE endpoints, potentially leading to viewing unauthorized content, changes, or deletion of content.

Recommendations For versions prior to 7.9.2, update to a version that includes the necessary authorization fixes to prevent unauthorized access and modifications. As a temporary workaround, consider restricting access to the Device File Transfer settings on DCE endpoints to minimize the risk of exploitation.