Authorization Bypass Vulnerability in StruxureWare Data Center Expert from Schneider Electric
CVE-2023-25548

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: StruxureWare Data Center Expert
Vendor: CVE Published:; 18 April 2023

Summary

A vulnerability has been identified in StruxureWare Data Center Expert that allows low privileged users to access sensitive device credentials. This weakness arises from insufficient security measures on specific DCE endpoints, potentially leading to unauthorized access. Organizations utilizing earlier versions of the software should address this issue to ensure proper security controls are in place to protect against unauthorized credential access.

Affected Version(s)

StruxureWare Data Center Expert All

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Feb 7, 2023