Schneider-electric Struxureware Data Center Expert — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Struxureware Data Center Expert, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (49)
CVE-2021-22795 — CVSS 9.1 (critical): A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause…
CVE-2021-22794 — CVSS 9.1 (critical): A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code…
CVE-2023-37197 — CVSS 8.8 (high): A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that…
CVE-2023-25548 — CVSS 8.8 (high): A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being…
CVE-2023-25547 — CVSS 8.8 (high): A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker…
CVE-2023-37196 — CVSS 8.8 (high): A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that…
CVE-2018-7807 — CVSS 8.8 (high): Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully…
CVE-2018-2814 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2018-2633 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are…
CVE-2023-25552 — CVSS 8.1 (high): A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or…
CVE-2018-1124 — CVSS 7.8 (high): procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This…
CVE-2023-25554 — CVSS 7.8 (high): A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a…
CVE-2018-2794 — CVSS 7.7 (high): Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java…
CVE-2018-2811 — CVSS 7.7 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162…
CVE-2018-2637 — CVSS 7.4 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are…
CVE-2023-25549 — CVSS 7.2 (high): A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a…
CVE-2023-25550 — CVSS 7.2 (high): A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the…
CVE-2017-8371 — CVSS 6.8 (medium): Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote…
CVE-2018-2634 — CVSS 6.8 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are…
CVE-2023-37198 — CVSS 6.8 (medium): A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an…
CVE-2023-37199 — CVSS 6.8 (medium): A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an…
CVE-2018-2582 — CVSS 6.5 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2026-8045 — CVSS 6.5 (medium): CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side…
CVE-2023-25551 — CVSS 6.1 (medium): A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload…
CVE-2018-2641 — CVSS 6.1 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are…
CVE-2023-25553 — CVSS 6.1 (medium): A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint…
CVE-2018-2618 — CVSS 5.9 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are…
CVE-2018-3693 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an…
CVE-2023-25555 — CVSS 5.6 (medium): A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow…
CVE-2018-3639 — CVSS 5.5 (medium): Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior…
CVE-2018-2795 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are…
CVE-2018-2796 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that…
CVE-2018-2797 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are…
CVE-2018-2798 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are…
CVE-2018-2799 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are…
CVE-2018-2815 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that…
CVE-2018-2657 — CVSS 5.3 (medium): Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are…
CVE-2018-2629 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are…
CVE-2018-2603 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are…
CVE-2018-2599 — CVSS 4.8 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are…
CVE-2018-1126 — CVSS 4.8 (medium): procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues…
CVE-2018-2602 — CVSS 4.5 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are…
CVE-2018-2677 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are…
CVE-2018-2678 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are…
CVE-2018-2588 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are…
CVE-2018-2663 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are…
CVE-2018-2800 — CVSS 4.2 (medium): Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE…
CVE-2018-2579 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are…
CVE-2018-2790 — CVSS 3.1 (low): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected…