CVE-2023-25549

Summary

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint.

Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricStruxureWare Data Center ExpertAll <= V7.9.2affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References