How severe is CVE-2023-37199?

CVE-2023-37199 has a CVSS v3 score of 6.8 (MEDIUM).

CVE-2023-37199

Name: struxureware_data_center_expert
Author: schneider-electric

6.8MEDIUM

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually

Опубликовано: 7/12/2023Обновлено: 11/21/2024

Описание

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.

ИИ-АнализНа базе ИИ

Затронутые продукты

schneider-electricstruxureware_data_center_expert

Ссылки

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf
Vendor Advisory