Product:

Struxureware_data_center_expert

(Schneider\-Electric)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 48
Date Id Summary Products Score Patch Annotated
2018-05-23 CVE-2018-1124 procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. Ubuntu_linux, Debian_linux, Leap, Procps\-Ng, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Struxureware_data_center_expert N/A
2017-04-30 CVE-2017-8371 Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. Struxureware_data_center_expert 6.8
2018-05-23 CVE-2018-1126 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. Ubuntu_linux, Debian_linux, Procps\-Ng, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Struxureware_data_center_expert 9.8
2018-11-30 CVE-2018-7807 Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. Struxureware_data_center_expert 8.8