Vulnerability CVE-2023-25550
Published: 2023-04-18

Description:









A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
allows remote code execution via the ??hostname? parameter when maliciously crafted hostname
syntax is entered.










Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Type:

CWE-94

 (Improper Control of Generation of Code ('Code Injection'))

 References:
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Copyright 2026, cxsecurity.com

 

Back to Top