OTPulse

Schneider Electric Struxureware Data Center Expert

Act Now · CVSS 9.1 · ICS-CERT ICSA-21-257-03 · Sep 14, 2021
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Struxureware Data Center Expert versions 7.8.1 and earlier contain multiple vulnerabilities (CWE-78 OS command injection, CWE-22 path traversal) that could allow remote code execution. The vulnerabilities require high privileges but affect the integrity and availability of the data center management system. Schneider Electric has established a remediation plan for future versions but has not yet released a patch.

What this means
What could happen
An attacker with administrative or engineering credentials could execute arbitrary commands on the data center management system, potentially disrupting monitoring, cooling control systems, or power distribution logic that controls facility operations.
Who's at risk
Data center operators at energy facilities (power plants, substations, utility control centers) that use Schneider Electric Struxureware Data Center Expert for facility monitoring and power/cooling management. This includes operators managing UPS systems, PDUs, facility environmental controls, and backup power systems.
How it could be exploited
An attacker must first gain high-privilege credentials (administrative or engineering account) to log into the Struxureware interface. Once authenticated, the attacker can inject OS commands (CWE-78) or traverse file paths (CWE-22) to execute arbitrary code on the system, affecting data center infrastructure controls.
Prerequisites
  • Network access to the Struxureware Data Center Expert management interface (typically port 8080 or 443 over HTTP/HTTPS)
  • Valid high-privilege credentials (administrator or engineering workstation account)
  • System must be running affected version 7.8.1 or earlier
  • high CVSS score (9.1)
  • requires high-privilege credentials for exploitation
  • no patch available; vendor fix timeline uncertain
  • affects data center infrastructure (critical facility operations)
  • remotely exploitable if management interface is network-accessible
Exploitability
Moderate exploit probability (EPSS 3.7%)
Affected products (1)
Product | Affected Versions | Fix Status
Struxureware Data Center: Expert | ≤ 7.8.1 | No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to the Struxureware Data Center Expert management interface using firewall rules: allow only known engineering workstations and administrative IPs
  • WORKAROUND: Disable direct Internet access to the management interface; require VPN connection for remote administration
  • HARDENING: Implement strong access controls: enforce unique high-complexity passwords for all administrative and engineering accounts; disable default credentials
  • HARDENING: Review and rotate all administrative and engineering credentials to ensure no compromised accounts remain active
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Monitor Schneider Electric security advisory SEVD-2021-257-03 for patched versions; apply firmware update immediately upon release
  • HARDENING: Monitor for suspicious login attempts and command execution logs on the Struxureware system; set up alerts for failed authentication and privilege escalation attempts
Long-term hardening
  • HARDENING: Segment the data center control network from the business network using firewalls; ensure Struxureware is not routable from untrusted networks
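
One way to check that the firewall workaround above is actually in effect, as an added example (not part of the advisory and not Schneider Electric tooling): audit exported firewall flow records for accepted connections to the management ports from sources outside the allowlist. The appliance address, the allowlist and the `src,dst,dport,action` record format are assumptions; only ports 8080 and 443 come from the prerequisites listed above.

```python
import ipaddress

# Assumed values for illustration; replace with your own addressing.
DCE_HOST = ipaddress.ip_address("10.20.0.5")   # hypothetical appliance address
MGMT_PORTS = {8080, 443}                       # ports named in the prerequisites
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.20.1.10/32",   # hypothetical engineering workstation
    "10.20.1.11/32",   # hypothetical admin workstation
    "10.99.0.0/28",    # hypothetical VPN address pool
)]

# Constructed sample flow records, one per line: src,dst,dport,action
SAMPLE_FLOWS = """\
10.20.1.10,10.20.0.5,443,accept
10.30.7.44,10.20.0.5,8080,accept
10.30.7.44,10.20.0.5,8080,drop
198.51.100.23,10.20.0.5,443,accept
10.99.0.3,10.20.0.5,8080,accept
10.30.7.44,10.20.0.9,443,accept
not-an-ip,10.20.0.5,443,accept
"""

def is_allowed(src):
    """True if the source address falls inside any allowlisted network."""
    return any(src in net for net in ALLOWED_SOURCES)

def audit_flows(text):
    """Return (violations, malformed_line_numbers).

    A violation is an accepted connection to a management port on the
    appliance from a source outside the allowlist. Dropped flows are not
    violations: the firewall did its job. Unparseable lines are reported
    separately so they are not silently ignored.
    """
    violations, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            src_s, dst_s, port_s, action = (f.strip() for f in line.split(","))
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:  # wrong field count, bad address or bad port
            malformed.append(lineno)
            continue
        if dst != DCE_HOST or port not in MGMT_PORTS:
            continue  # not traffic to the management interface
        if action.lower() == "accept" and not is_allowed(src):
            violations.append((lineno, str(src), port))
    return violations, malformed

if __name__ == "__main__":
    print(audit_flows(SAMPLE_FLOWS))
```
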