OTPulse

Data Center Expert

Plan Patch · CVSS 7.2 · SEVD-2024-282-01 · Oct 8, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric Data Center Expert contains a cryptographic signature validation vulnerability (CWE-347, CWE-306) that allows improper access to private device information. The vulnerability exists in versions 8.1.1.3 and earlier. Affected versions fail to properly validate signatures on sensitive data, potentially exposing equipment configuration, operational metrics, and infrastructure details collected by the monitoring platform.

What this means
What could happen
An attacker with high-level privileges could read sensitive device information collected by the monitoring software, including equipment configuration and operational data used to manage data center infrastructure.
Who's at risk
Data center operations teams and facility managers who use Schneider Electric's Data Center Expert software to monitor power distribution, cooling systems, and IT equipment. This affects any organization using versions 8.1.1.3 or earlier for critical infrastructure monitoring.
How it could be exploited
An attacker with administrative or high-privilege credentials could exploit improper signature validation to access private data stored in the Data Center Expert system. This could include device configurations, performance metrics, and equipment details collected from monitored infrastructure.
Prerequisites
  • High-privilege or administrative credentials for Data Center Expert
  • Network access to the Data Center Expert application
  • Requires high-level credentials
  • Information disclosure vulnerability
  • Affects monitoring/visibility of critical infrastructure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Data Center Expert | ≤ 8.1.1.3 | 8.2
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Data Center Expert to version 8.2 or later
Data Center Expert | CVSS 7.2 - OTPulse