CVE-2023-37199: Code Injection
First published: Wed Jul 12 2023(Updated: )
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
Credit: cybersecurity@se.com cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Struxureware Data Center Expert | <=7.9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this code injection vulnerability?
The vulnerability ID for this code injection vulnerability is CVE-2023-37199.
What is the severity level of CVE-2023-37199?
The severity level of CVE-2023-37199 is high.
How does the code injection vulnerability in Schneider-electric Struxureware Data Center Expert (version 7.9.3) occur?
The code injection vulnerability occurs when an admin user on DCE tampers with backups and then manually restores them.
What is the potential impact of this code injection vulnerability?
The code injection vulnerability could result in remote code execution.
How can I mitigate the code injection vulnerability in Schneider-electric Struxureware Data Center Expert (version 7.9.3)?
To mitigate the code injection vulnerability, apply the necessary security patch provided by Schneider-electric.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/tags
- agent/event
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric struxureware data center expert
- version/schneider-electric struxureware data center expert/7.9.3