Missing Authorization Vulnerability in StruxureWare Data Center Expert by Schneider Electric
CVE-2023-25552

8.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Struxureware Data Center Expert
Vendor: CVE Published:; 18 April 2023

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2023-25552?

A missing authorization vulnerability has been identified in StruxureWare Data Center Expert, which could enable unauthorized users to view sensitive content, modify, or delete critical data. This issue arises from the manipulation of Device File Transfer settings on DCE endpoints, allowing potential adversaries to perform unauthorized actions. Users are advised to review their configurations and implement necessary security measures to mitigate exposure.

Affected Version(s)

StruxureWare Data Center Expert All

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Feb 7, 2023