Schneider Electric Data Center Expert vulnerabilities
6 known vulnerabilities affecting schneider_electric/data_center_expert.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2 | HIGH 3 | MEDIUM 1
Vulnerabilities
CVE-2024-8531 [HIGH] | CVSS 7.2 | Versions 8.1.1.3 and prior | 2024-10-11
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.
cvelistv5, nvd
CVE-2024-8530 [MEDIUM] | CVSS 5.9 | Versions 8.1.1.3 and prior | 2024-10-11
CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS.
cvelistv5, nvd
CVE-2022-32518 [CRITICAL] | CVSS 9.8 | ≥ All, < V7.9.0 | 2023-01-30
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)
cvelistv5, nvd
CVE-2022-32519 [CRITICAL] | CVSS 9.8 | ≥ All, < V7.9.0 | 2023-01-30
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)
cvelistv5, nvd
CVE-2022-32521 [HIGH] | CVSS 8.8 | ≥ All, < V7.9.0 | 2023-01-30
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)
cvelistv5, nvd
CVE-2022-32520 [HIGH] | CVSS 8.0 | ≥ All, < V7.9.0 | 2023-01-30
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)
cvelistv5