{"vulnerability": "CVE-2023-2555", "sightings": [{"uuid": "4c593d90-b26d-4646-bef7-ba73377548c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25552", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6261", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25552\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: \n\n\nA CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized\ncontent, changes or deleting of content, or performing unauthorized functions when tampering\nthe Device File Transfer settings on DCE endpoints. \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n\n\ud83d\udccf Published: 2023-04-18T20:33:50.548Z\n\ud83d\udccf Modified: 2025-03-03T19:16:53.079Z\n\ud83d\udd17 References:\n1. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf", "creation_timestamp": "2025-03-03T19:30:56.000000Z"}, {"uuid": "69023041-49c1-4e88-83d0-8668379e5aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25554", "type": "seen", "source": "https://t.me/cibsecurity/62392", "content": "\u203c CVE-2023-25554 \u203c\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T00:29:33.000000Z"}, {"uuid": "42f7bd89-d9e7-4f19-a342-5dc8d3d10dde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25555", "type": "seen", "source": "https://t.me/cibsecurity/62389", "content": "\u203c CVE-2023-25555 \u203c\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T00:29:30.000000Z"}, {"uuid": "c1ac661b-be9a-4141-bc58-aaeb673eccc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25550", "type": "seen", "source": "https://t.me/cibsecurity/62400", "content": "\u203c CVE-2023-25550 \u203c\n\nA CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the \u201chostname\u201d parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T00:29:44.000000Z"}, {"uuid": "609c10b1-39fc-4b8e-a9aa-fe674143213f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25556", "type": "seen", "source": "https://t.me/cibsecurity/62372", "content": "\u203c CVE-2023-25556 \u203c\n\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-18T22:29:17.000000Z"}]}