Authorization Bypass Vulnerability in StruxureWare Data Center Expert from Schneider Electric
CVE-2023-25548

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Struxureware Data Center Expert
Vendor: CVE Published:; 18 April 2023

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2023-25548?

A vulnerability has been identified in StruxureWare Data Center Expert that allows low privileged users to access sensitive device credentials. This weakness arises from insufficient security measures on specific DCE endpoints, potentially leading to unauthorized access. Organizations utilizing earlier versions of the software should address this issue to ensure proper security controls are in place to protect against unauthorized credential access.

Affected Version(s)

StruxureWare Data Center Expert All

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Feb 7, 2023