CVE-2023-37199

MEDIUM

StruxureWare Data Center Expert < 7.9.3 - Authenticated Remote Code Execution via Backup Tampering

Title source: llm

Description

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.

References (1)

Core 1

Core References

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf

Scores

CVSS v3 6.8

EPSS 0.0226

EPSS Percentile 84.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

schneider-electric/struxureware_data_center_expert < 7.9.3

Published Jul 12, 2023

Tracked Since Feb 18, 2026