SQL Injection Vulnerability in Schneider Electric's DCE
CVE-2023-37197

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Struxureware Data Center Expert
Vendor: CVE Published:; 12 July 2023

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2023-37197?

An SQL Injection vulnerability exists in Schneider Electric's DCE that can be exploited by an authenticated user. This flaw enables the attacker to manipulate configuration settings, potentially allowing unauthorized access to sensitive content, alterations to existing data, or deletion of critical information. Users must be cautious as the manipulation of mass settings can lead to severe security breaches if left unaddressed.

Affected Version(s)

StruxureWare Data Center Expert v7.9.3 and earlier

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jun 28, 2023