CVE-2023-25552

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints.

Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Published: Apr 18, 2023
Updated: Apr 28, 2023
CVE: CVE-2023-25552
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
schneider-electric / struxureware_data_center_expert	-	7.9.2.x

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf

Vulnerability Database

289,599

CVE-2023-25552