PT-2023-3273 · Schneider Electric · StruxureWare Data Center Expert

Published 2023-02-14 · Updated 2023-04-27 · CVE-2023-25549

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

StruxureWare Data Center Expert versions prior to 7.9.2

Description

A code injection issue exists in a parameter of the DCE network settings endpoint. It could enable a remote attacker to execute arbitrary code.

Recommendations

For versions prior to 7.9.2, update to a version newer than 7.9.2 to resolve the issue. As a temporary workaround, consider restricting access to the DCE network settings endpoint to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected endpoint until the issue is resolved.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2023-03396
CVE-2023-25549

Affected Products

StruxureWare Data Center Expert