CVE-2023-37199

Summary

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricStruxureWare Data Center Expertv7.9.3 and earlieraffected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References