Lucene search

[email protected]CVE-2023-25553

HistoryApr 18, 2023 - 9:15 p.m.

CVE-2023-25553

2023-04-1821:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-25553

cwe-79

cross-site scripting

dce

struxureware data center expert

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.4%

JSON

A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site
Scripting’) vulnerability exists on a DCE endpoint through the logging capabilities of the
webserver.

Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Affected configurations

NVD

Node

schneider-electricstruxureware_data_center_expertRange≤7.9.2

CPENameOperatorVersion
schneider-electric:struxureware_data_center_expertschneider-electric struxureware data center expertle7.9.2

CPE	Name	Operator	Version
schneider-electric:struxureware_data_center_expert	schneider-electric struxureware data center expert	le	7.9.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "StruxureWare Data Center Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "V7.9.2",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.4%

JSON

Related for CVE-2023-25553

prion1 cvelist1 nvd1