Schneider Electric Data Center Expert

Plan Patch7.2ICS-CERT ICSA-24-289-02Oct 8, 2024

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Data Center Expert contains a signature verification flaw (CWE-347) combined with insufficient authentication enforcement (CWE-306) that allows an authenticated high-privilege user to disclose sensitive information. The vulnerability affects versions 8.1.1.3 and earlier. Data Center Expert is a monitoring software that collects and distributes critical device information across data center infrastructure, including power systems, cooling, and equipment status. Exploitation could expose private device data, system configuration, and logs that reveal data center topology and access patterns.

What this means

What could happen

An attacker with high-privilege administrative access could exploit a signature verification flaw to disclose sensitive information from the monitoring system, including private device data, configuration details, and system logs that could enable further attacks on the data center infrastructure.

Who's at risk

Data center operations teams and facility managers responsible for monitoring power distribution units (PDUs), uninterruptible power supplies (UPS), cooling systems, and server infrastructure should prioritize this patch. Any organization using Schneider Electric Data Center Expert to monitor energy and environmental systems in their data center is affected.

How it could be exploited

An authenticated high-privilege user or attacker with compromised administrative credentials could exploit improper signature verification (CWE-347) combined with insufficient authentication on sensitive operations (CWE-306) to access restricted information through the web interface or API, potentially extracting device configuration, performance baselines, and access logs that reveal the data center topology and monitoring capabilities.

Prerequisites

Valid administrative credentials for Data Center Expert
Network access to the Data Center Expert web interface or API
Data Center Expert version 8.1.1.3 or earlier deployed

Remotely exploitable via networkRequires high-privilege credentialsAffects data center monitoring and visibilityInformation disclosure could enable secondary attacksLow EPSS score indicates limited exploit activity

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

Data Center Expert≤ 8.1.1.38.2

Remediation & Mitigation

0/6

Do now

0/3

HARDENINGImplement least privilege access controls—restrict administrative account access to only those personnel who require it and align authorization levels with their operational role

WORKAROUNDVerify SHA1 checksums of all upgrade bundles before executing them, as documented in the Data Center Expert Security Handbook

WORKAROUNDDelete any existing 'logcapture' archives from the system via the https://server_ip/capturelogs page and disable future logcapture archive creation

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Data Center Expert to version 8.2 or later

Long-term hardening

0/2

HARDENINGIsolate the Data Center Expert infrastructure and managed devices behind firewalls, separate from the business network

HARDENINGEnforce network segmentation to ensure Data Center Expert and monitored equipment are not directly internet-accessible

CVEs (2)

CVE-2024-8531 CVE-2024-8530

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8cf4779d-68ce-41fd-87a7-3bc4be7bd42f