Schneider Electric EcoStruxure Data Center Expert
Plan Patch | 7.2 | ICS-CERT ICSA-26-076-03 | Mar 17, 2026
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric EcoStruxure IT Data Center Expert contains a hard-coded credentials vulnerability (CWE-798) in versions 9.0 and prior. Exploitation requires administrator credentials and depends on enabling the SOCKS Proxy feature, which is disabled by default. The product is monitoring software that collects and distributes critical device information across data center infrastructure. Successful exploitation could lead to information disclosure and remote compromise of the system.
What this means
What could happen
An attacker with admin credentials who enables the SOCKS Proxy feature could use hard-coded credentials to gain unauthorized access to the data center monitoring system, potentially disrupting visibility into critical infrastructure and accessing sensitive operational data.
Who's at risk
Data center operators and IT managers responsible for Schneider Electric EcoStruxure IT Data Center Expert monitoring systems, particularly those in energy and transportation sectors who rely on this software to track infrastructure health and performance.
How it could be exploited
An attacker must first obtain or already possess administrator credentials to the EcoStruxure IT Data Center Expert instance, then enable the SOCKS Proxy feature (which is off by default). Once the proxy is active, the attacker can use the hard-coded credentials embedded in the product to authenticate and gain full system access.
Prerequisites
- Administrator credentials for EcoStruxure IT Data Center Expert
- SOCKS Proxy feature must be enabled (non-default configuration)
- Network access to the EcoStruxure IT Data Center Expert instance
- Hard-coded credentials
- Default configuration provides some protection (SOCKS Proxy disabled)
- Requires high privileges (admin credentials)
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: EcoStruxure IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) v9.0 and prior
Affected Versions: ≤ 9.0
Fix Status: 9.1
Remediation & Mitigation
Do now
- WORKAROUND: Ensure the SOCKS Proxy feature remains disabled in the default configuration
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade EcoStruxure IT Data Center Expert to version 9.1 or later
Long-term hardening
- HARDENING: Harden the DCE instance according to Schneider Electric's security best practices documented in the EcoStruxure IT Data Center Expert Security Handbook
- HARDENING: Restrict network access to EcoStruxure IT Data Center Expert behind firewalls and isolate from internet exposure
CVEs (1)