Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Schneider Electric StruxureWare Data Center Expert 代码注入漏洞
Vulnerability Description
Schneider Electric StruxureWare Data Center Expert(StruxureWare数据中心管理专家)是法国施耐德电气(Schneider Electric)公司的一种监控软件。适用于各种组织监控其全公司范围内的电力、制冷、安全、环境。 Schneider Electric StruxureWare Data Center Expert v7.9.3及之前版本存在代码注入漏洞,该漏洞源于当 DCE 上的管理员用户上传或篡改安装时,可能会导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A