CVE-2023-25552

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.1HIGH

EPSS

0.3%

top 50.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Struxureware Data Center Expert Schneider-electric Struxureware Data Center Expert

Timeline

PublishedApr 18

Description

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5schneider_electric/struxureware_data_center_expertAll — V7.9.2

▶NVDschneider-electric/struxureware_data_center_expert7.9.2

🔴Vulnerability Details

GHSA

GHSA-7w4f-pxm2-64j9: A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing↗2023-04-18

▶

CVEList

CVE-2023-25552: A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing↗2023-04-18

▶