CVE-2023-25548
published 2023-04-18CVE-2023-25548: A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device
credentials on specific DCE endpoints not being properly secured when a hacker is using a low
privileged user.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | struxureware_data_center_expert | <= 7.9.2 | — |
| schneider_electric | struxureware_data_center_expert | All – V7.9.2 | — |