How severe is CVE-2023-37198?

CVE-2023-37198 has a CVSS v3 score of 6.8 (MEDIUM).

CVE-2023-37198

Name: struxureware_data_center_expert
Author: schneider-electric

6.8MEDIUM

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.

发布于: 7/12/2023更新于: 11/21/2024

描述

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.

AI分析AI驱动

受影响产品

schneider-electricstruxureware_data_center_expert

参考资料

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf
Vendor Advisory