OTPulse

Schneider Electric EcoStruxure IT Data Center Expert

Act Now · 10 · ICS-CERT ICSA-25-203-06 · Jul 8, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and prior contain multiple vulnerabilities allowing remote code execution and information disclosure. The vulnerabilities stem from improper input validation (CWE-78: OS Command Injection, CWE-94: Code Injection), unsafe deserialization (CWE-331), server-side request forgery (CWE-918), and insufficient access controls (CWE-269, CWE-611: XML External Entity). An unauthenticated network attacker can execute arbitrary commands on the monitoring server, compromise the system's integrity, and access sensitive device configuration data from all monitored infrastructure assets.

What this means
What could happen
An attacker with network access to EcoStruxure IT Data Center Expert could execute arbitrary code on the monitoring server, gaining complete control over the system and access to critical device information from data center infrastructure. This could allow disruption of monitoring capabilities, alteration of asset data, or lateral movement into the monitored infrastructure.
Who's at risk
This affects operators of data center infrastructure in the energy sector who use EcoStruxure IT Data Center Expert for monitoring power distribution units (PDUs), cooling systems, uninterruptible power supplies (UPS), and other critical data center equipment. Any organization monitoring IT infrastructure with this Schneider Electric product should evaluate its exposure.
How it could be exploited
An attacker on the network sends a malicious request to the EcoStruxure IT Data Center Expert server (port and service unspecified in advisory, likely the web interface or API). The server processes the request without proper input validation or command execution controls, allowing the attacker to inject and execute arbitrary commands on the monitoring server. Once compromised, the attacker can access the database of monitored equipment and potentially pivot to critical infrastructure devices.
Prerequisites
  • Network connectivity to EcoStruxure IT Data Center Expert server on its listening port
  • No authentication required for the vulnerable endpoints
  • System running vulnerable version 8.3 or earlier
  • remotely exploitable
  • no authentication required
  • low complexity attack
  • critical CVSS score (10.0)
  • multiple code execution pathways (CWE-78, CWE-94, CWE-918)
  • affects centralized monitoring system for critical infrastructure
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product | Affected Versions | Fix Status
EcoStruxure™ IT Data Center Expert | ≤ 8.3 | 9.0
Remediation & Mitigation
Do now
HARDENING: Apply hardening measures from the EcoStruxure IT Data Center Expert Security Handbook, including network segmentation and access controls
WORKAROUND: Restrict network access to EcoStruxure IT Data Center Expert—place the server behind a firewall and do not expose it to the Internet
WORKAROUND: If remote access is required, use a VPN and keep it updated to the latest version
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade EcoStruxure IT Data Center Expert to version 9.0 or later