Insufficiently Protected Credentials Vulnerability in Data Center Expert by Schneider Electric
CVE-2022-32520

8HIGH

Key Information:

Vendor: Schneider Electric
Status: Data Center Expert
Vendor: CVE Published:; 30 January 2023

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2022-32520?

A vulnerability exists in Schneider Electric's Data Center Expert that exposes sensitive credentials inadequately protected, enabling unauthorized access to a DCE instance through network exploitation by malicious actors. The issue specifically affects versions prior to V7.9.0, distinguishing it from similar vulnerabilities. Users are advised to upgrade to the latest version to mitigate potential security risks.

Affected Version(s)

Data Center Expert All

References

https://download.schneider-electric.com/files?p_enDocType...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Jun 7, 2022