CVE-2023-37197

Name of the Vulnerable Software and Affected Versions StruxureWare Data Center Expert (affected versions not specified)

Description A SQL Injection vulnerability exists due to improper neutralization of special elements in SQL commands, allowing an authenticated user to access, change, or delete unauthorized content, or perform unauthorized actions by tampering with mass configuration settings of endpoints. This issue can be exploited remotely, enabling an attacker to modify or delete arbitrary content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.