Insufficiently Protected Credentials Vulnerability in Data Center Expert by Schneider Electric
CVE-2022-32520

8HIGH

Key Information:

Vendor: Schneider Electric
Status: Data Center Expert
Vendor: CVE Published:; 30 January 2023

Summary

A vulnerability exists in Schneider Electric's Data Center Expert that exposes sensitive credentials inadequately protected, enabling unauthorized access to a DCE instance through network exploitation by malicious actors. The issue specifically affects versions prior to V7.9.0, distinguishing it from similar vulnerabilities. Users are advised to upgrade to the latest version to mitigate potential security risks.

Affected Version(s)

Data Center Expert All

References

https://download.schneider-electric.com/files?p_enDocType...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Jun 7, 2022

Collectors

NVD DatabaseMitre Database