Schneider-Electric Data Center Expert vulnerabilities

CVE-2022-32518 [HIGH] CWE-522 CVE-2022-32518: A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted a A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)

CVE-2022-32519 [HIGH] CWE-257 CVE-2022-32519: A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwan A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)

CVE-2022-32520 [HIGH] CVE-2022-32520: A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted a A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)

CVE-2022-32521 [HIGH] CWE-502 CVE-2022-32521: A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remote A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)