Schneider Electric Data Center Expert

Plan Patch7.2ICS-CERT ICSA-25-016-08Oct 8, 2024

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Data Center Expert contains signature validation and authentication bypass flaws (CWE-347, CWE-306) that could allow an attacker with high-privilege administrative access to read sensitive device configuration and operational data without proper authorization. The vulnerability affects versions 8.1.1.3 and earlier. The product is a scalable monitoring software used in data centers and critical infrastructure to collect, organize, and distribute equipment information. Exploitation would result in unauthorized access to private operational and configuration data.

What this means

What could happen

An attacker with high-level administrative credentials could access sensitive device configuration data and operational information stored in the Data Center Expert monitoring system, potentially exposing details about critical infrastructure assets and their configurations.

Who's at risk

Energy sector organizations operating Schneider Electric Data Center Expert monitoring systems, particularly data centers and utility operations centers that rely on this software to monitor and manage critical infrastructure equipment. Any organization using DCE version 8.1.1.3 or earlier should prioritize this issue.

How it could be exploited

An attacker with high-privilege administrative account access could exploit signature or authentication validation flaws to access sensitive data stored or transmitted by the Data Center Expert platform without proper authorization. This requires the attacker to first obtain or compromise a high-privilege account on the system.

Prerequisites

High-privilege administrative account credentials for Data Center Expert
Network access to the Data Center Expert server (typically port 443 HTTPS)
Access to valid authentication mechanisms (credentialed access required)

Requires high-privilege credentials (authentication required)Remotely exploitable over networkInformation disclosure / data exposureLow complexity attack

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

Data Center Expert≤ 8.1.1.38.2

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDDelete all existing 'logcapture' archives from the system via the https://server_ip/capturelogs web interface and cease creating new logcapture archives

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Data Center Expert to version 8.2 or later

HARDENINGEnforce least privilege access controls: review all administrative account assignments and revoke access for accounts that do not require it

HARDENINGVerify SHA1 checksums of all upgrade bundles before installation to prevent tampering

Long-term hardening

0/1

HARDENINGRestrict network access to the Data Center Expert server: position it behind a firewall, keep it off the Internet, and use VPN for remote administrative access

CVEs (2)

CVE-2024-8531 CVE-2024-8530

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8936cd3e-aa8a-4744-8892-557c6707ecf5