CVE-2023-37199 Information

Description

A CWE-94: Improper Control of Generation of Code (‘Code Injection’) vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.

Reference

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf