Insufficiently Protected Credentials in Data Center Expert by Schneider Electric
CVE-2022-32518

8HIGH

Key Information:

Vendor: Schneider Electric
Status: Data Center Expert
Vendor: CVE Published:; 30 January 2023

Summary

A vulnerability exists in Data Center Expert where insufficiently protected credentials can allow unauthorized access to a DCE instance via network interactions by a malicious third-party. This security flaw highlights the importance of securing authentication processes to prevent unauthorized access to sensitive data and functionalities within the application. Users of affected versions, specifically those prior to V7.9.0, are urged to update to mitigate this security risk.

Affected Version(s)

Data Center Expert All

References

https://download.schneider-electric.com/files?p_enDocType...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Jun 7, 2022

Collectors

NVD DatabaseMitre Database