How severe is CVE-2023-25552?

CVE-2023-25552 has a CVSS v3 score of 8.1 (HIGH).

CVE-2023-25552

Name: struxureware_data_center_expert
Author: schneider-electric

8.1HIGH

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Devic

Published: 4/18/2023Updated: 11/21/2024

Description

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

AI AnalysisPowered by AI

Affected Products

schneider-electricstruxureware_data_center_expert

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Vendor Advisory