Vulnerability Description
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Struxureware Data Center Expert | <= 7.3.1 |
Related Weaknesses (CWE)
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01MitigationPatchVendor Advisory
- http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patchesThird Party Advisory
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01MitigationPatchVendor Advisory
- http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patchesThird Party Advisory
FAQ
What is CVE-2017-8371?
CVE-2017-8371 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
How severe is CVE-2017-8371?
CVE-2017-8371 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8371?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Struxureware Data Center Expert.