Vulnerability Details CVE-2023-37198
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
could cause remote code execution when an admin user on DCE uploads or tampers with install
packages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.1%
CVSS Severity
CVSS v3 Score 6.8
References
Products affected by CVE-2023-37198
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.3.1
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.0
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.1
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.2
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.3
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.5.0
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.6.0
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.7.1
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.8.1
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.9.2
-
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.9.3