VYPR

Struxureware Data Center Expert

by Schneider Electric

CVEs (25)

  • CVE-2022-32520Jan 30, 2023
    risk 0.00cvss epss 0.01

    A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to…

  • CVE-2022-32518Jan 30, 2023
    risk 0.00cvss epss 0.01

    A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to…

  • CVE-2021-22795Mar 28, 2022
    risk 0.00cvss epss 0.03

    A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

  • CVE-2021-22794Mar 28, 2022
    risk 0.00cvss epss 0.02

    A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

  • CVE-2018-7807Nov 30, 2018
    risk 0.00cvss epss 0.01

    Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As…

Page 2 of 2