Sensitive Data Exposure in Schneider Electric StruxureWare Data Center Expert
CVE-2017-8371

6.8MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Struxureware Data Center Expert
Vendor: CVE Published:; 30 April 2017

Summary

The StruxureWare Data Center Expert by Schneider Electric prior to version 7.4.0 has been found to store passwords in cleartext in RAM. This design flaw could permit remote attackers to exploit unspecified vulnerabilities to retrieve sensitive user credentials, posing significant risks to data integrity and confidentiality. Organizations using this product are advised to upgrade to the latest version to mitigate potential security threats.

References

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_MISC

http://www.datacenterdynamics.com/content-tracks/security...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 30, 2017