Schneider Electric EcoStruxture IT Data Center Expert

Plan PatchCVSS 10ICS-CERT ICSA-25-203-06Jul 8, 2025

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and earlier contain multiple vulnerabilities (CWE-78 command injection, CWE-331 insufficient entropy, CWE-94 code generation from user input, CWE-918 SSRF, CWE-269 improper access control, CWE-611 XML external entity injection) that allow unauthenticated network-based attackers to execute arbitrary code and access system data. The product is a scalable monitoring software that collects and distributes critical device information across data center infrastructure. Successful exploitation could result in operational disruption and unauthorized access to sensitive infrastructure telemetry.

What this means

What could happen

An attacker could execute arbitrary commands on the EcoStruxure IT Data Center Expert monitoring server, potentially disrupting data center operations, stealing critical infrastructure data, and gaining persistence in your monitoring network.

Who's at risk

Data center operations and infrastructure monitoring teams responsible for equipment powered by Schneider Electric EcoStruxure IT Data Center Expert. This affects any organization using DCE versions 8.3 or earlier to monitor power distribution, cooling, or other critical data center systems.

How it could be exploited

An attacker without authentication can reach the vulnerable DCE instance over the network and exploit multiple flaws (command injection, insecure deserialization, SSRF) to run arbitrary commands on the server. Once compromised, the attacker has access to collected data on all monitored equipment across your data center infrastructure.

Prerequisites

Network reachability to EcoStruxure IT Data Center Expert instance
No authentication credentials required

remotely exploitableno authentication requiredcritical severity (CVSS 10.0)code execution possibleaffects monitoring and visibility systems

Exploitability

Some exploitation risk — EPSS score 2.6%

Affected products (1)

ProductAffected VersionsFix Status

EcoStruxure™ IT Data Center Expert≤ 8.39.0

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDIf version 9.0 cannot be deployed immediately, restrict network access to the DCE instance to only authorized engineering and monitoring workstations using firewall rules or network segmentation

HARDENINGEnsure EcoStruxure IT Data Center Expert instance is not accessible from the internet; place behind a firewall with no inbound access from untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure IT Data Center Expert to version 9.0 or later

HARDENINGApply hardening controls documented in the EcoStruxure IT Data Center Expert Security Handbook, including disabling unnecessary services and restricting administrative access

CVEs (6)

CVE-2025-50121 CVE-2025-50122 CVE-2025-50123 CVE-2025-50125 CVE-2025-50124 CVE-2025-6438

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/64271fb4-4f8c-464a-af1f-83db28725c37

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.