Struxureware data center expert
This hub aggregates every CVE we track for Struxureware data center expert, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
49
CVEs tracked
2
Critical
15
High
0
In CISA KEV
Severity distribution
MEDIUM30HIGH15LOW2CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Struxureware data center expert.
- CVE-2026-8045CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert us...6.5
- CVE-2023-37199 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manual...6.8
- CVE-2023-37198 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packag...6.8
- CVE-2023-37197 A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access u...8.8
- CVE-2023-37196 A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access una...8.8
- CVE-2023-25555 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execut...5.6
- CVE-2023-25553 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver....6.1
- CVE-2023-25551 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP...6.1
- CVE-2023-25550 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostnam...7.2
- CVE-2023-25549 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. ...7.2
- CVE-2023-25554 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a malic...7.8
- CVE-2023-25552 A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the De...8.1
- CVE-2023-25548 A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged u...8.8
- CVE-2023-25547 A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected product...8.8
- CVE-2021-22795A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affe...9.1
Product normalization is registry-driven with AI assist and human review. How it works