Vulnerability Details CVE-2023-25552
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized
content, changes or deleting of content, or performing unauthorized functions when tampering
the Device File Transfer settings on DCE endpoints.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.9%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2023-25552
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.3.1
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.0
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.1
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.2
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.3
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.5.0
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.6.0
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.7.1
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.8.1
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.9.2