VDB
CVE-2023-37199
CVE-2023-37199
PUBLISHED
CVSS 6.800000190734863 MEDIUM
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
EPSS 2.26% · 84.9th percentile
Risk Scores
CVSS 3.1
6.800000190734863
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS Score
2.26%
84.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | struxureware_data_center_expert | 0 |
| Schneider Electric | StruxureWare Data Center Expert | v7.9.3 and earlier |
| schneider-electric | struxureware_data_center_expert | 0 |
Exploit Intelligence
Timeline
- Jul 11, 2023 CVE Published
- Jul 12, 2023 EPSS Score
- Aug 16, 2023 EPSS Score
- Sep 19, 2023 EPSS Score
- Nov 27, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 10, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 22, 2024 EPSS Score
- Jul 26, 2024 EPSS Score
- Aug 30, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-02.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-37199 advisory