CVE-2023-37198: Code Injection
First published: Wed Jul 12 2023(Updated: )
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.
Credit: cybersecurity@se.com cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Struxureware Data Center Expert | <=7.9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-37198.
What is the severity level of CVE-2023-37198?
CVE-2023-37198 has a severity level of high, with a value of 7.
What is the CWE category of CVE-2023-37198?
CVE-2023-37198 falls under the CWE-94 category, which is an Improper Control of Generation of Code (Code Injection) vulnerability.
Which software versions are affected by CVE-2023-37198?
Schneider-electric Struxureware Data Center Expert versions up to and including 7.9.3 are affected by CVE-2023-37198.
How can the CVE-2023-37198 vulnerability be exploited?
The CVE-2023-37198 vulnerability can be exploited by an admin user on DCE who uploads or tampers with install packages, potentially leading to remote code execution.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric struxureware data center expert
- version/schneider-electric struxureware data center expert/7.9.3