CVE-2023-37197 HIGH

CVE-2023-37197

Vendor Schneider Electric

Product StruxureWare Data Center Expert

Weakness CWE-89 · SQLi

Published July 12, 2023

Last update November 7, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.

Key dates

02Disclosure timeline

July 12, 2023 CVE published

November 7, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-37197

Related vulnerabilities

04Related CVE

CVE-2024-8624 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Authenticated (Contributor+) SQL Injection CVE-2025-22728 WordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerability CVE-2025-11312 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findModulePage.do findModulePage sql injection CVE-2023-48718 Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) CVE-2025-5779 code-projects Patient Record Management System birthing.php sql injection

Identifiers

CVE CVE-2023-37197

CWE CWE-89

CVSS 8.8 / HIGH

Affected versions

Vendor Schneider Electric

Product StruxureWare Data Center Expert

Affected v7.9.3 and earlier