Schneider Electric EcoStruxure Data Center Expert

Plan PatchCVSS 7.2ICS-CERT ICSA-26-076-03Mar 10, 2026

Schneider ElectricEnergyTransportation

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric EcoStruxure IT Data Center Expert versions 9.0 and prior contain a hard-coded credentials vulnerability in the SOCKS Proxy feature. The vulnerability allows an attacker who has administrator access and enables the SOCKS Proxy (disabled by default) to authenticate using hard-coded credentials to gain unauthorized access and potentially disrupt monitoring or exfiltrate sensitive device information. The product is used to collect and organize critical infrastructure data from data center equipment in energy and transportation sectors.

What this means

What could happen

An attacker with administrator credentials could exploit hard-coded secondary credentials in the SOCKS Proxy feature to gain unauthorized access to the DCE system and extract sensitive device information or disrupt monitoring of critical data center infrastructure.

Who's at risk

Data center operators and energy/utility companies using Schneider Electric's EcoStruxure IT Data Center Expert for monitoring critical infrastructure should prioritize this issue. The product monitors power distribution, cooling, and other essential data center systems—compromise could lead to loss of operational visibility and undetected faults.

How it could be exploited

An attacker who has obtained or guessed the administrator password and enables the SOCKS Proxy feature (which is disabled by default) can then use hard-coded credentials to authenticate to the proxy service and issue commands or extract sensitive data from the monitored environment. The vulnerability requires the attacker to first have admin-level access to the DCE instance itself.

Prerequisites

Administrator credentials for EcoStruxure IT Data Center Expert
SOCKS Proxy feature must be enabled (not enabled by default)
Network access to the DCE instance or SOCKS Proxy port

hard-coded credentialsrequires high-level privilege (administrator)default-safe configuration (feature disabled by default)no authentication required after admin access and feature enablement

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

EcoStruxure™ IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) v9.0 and prior≤ 9.09.1

EcoStruxure IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) v9.0 and prior≤ 9.09.1

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDVerify SOCKS Proxy feature is disabled in DCE configuration and keep it disabled unless operationally required

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure IT Data Center Expert to version 9.1 or later

HARDENINGApply hardening measures documented in the EcoStruxure IT Data Center Expert Security Handbook

HARDENINGAudit administrator accounts and reset credentials to ensure they are strong and unique, not default or easily guessable

Long-term hardening

0/1

HARDENINGRestrict network access to DCE management interfaces using firewall rules to limit exposure from untrusted networks

CVEs (1)

CVE-2025-13957

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/eff6d011-d841-49c2-bbe3-9185a159a3ed

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.