EcoStruxure IT Data Center Expert is scalable monitoring software that collects, organizes, and distributes critical device information across data center infrastructure. Multiple vulnerabilities exist in versions 8.3 and earlier, including OS command injection (CWE-78), insufficient entropy in generated values (CWE-331), code injection (CWE-94), server-side request forgery (CWE-918), improper privilege management (CWE-269), and XML external entity (XXE) processing (CWE-611). These vulnerabilities allow unauthenticated remote attackers to execute arbitrary code, disclose sensitive information, and disrupt operations. The platform typically monitors critical infrastructure equipment including power distribution, environmental controls, and physical security systems.
What this means
What could happen
An attacker could remotely execute code on the EcoStruxure IT Data Center Expert server without credentials, potentially gaining full control of the monitoring platform and of all data it collects from the monitored equipment.
Who's at risk
Energy utilities and data center operators running EcoStruxure IT Data Center Expert should prioritize this patch. This monitoring platform is often deployed as a central management point for critical infrastructure, making it a high-value target. Any organization using this product for real-time visibility into power distribution, HVAC, lighting, or security systems is at risk.
How it could be exploited
An attacker on the network or internet can send a specially crafted request to the EcoStruxure IT Data Center Expert server. The server fails to properly neutralize input that reaches OS commands or evaluated code (CWE-78, CWE-94) and parses attacker-supplied XML with external entities enabled (CWE-611), allowing the attacker to execute arbitrary commands on the server. The attacker then has direct access to all equipment monitoring data and can alter configurations.
Prerequisites
Network access to the EcoStruxure IT Data Center Expert server's web interface (typically HTTP/HTTPS)
WORKAROUND: If immediate patching is not possible, restrict network access to the EcoStruxure IT Data Center Expert server to trusted administrative networks only, using firewall rules.
HARDENING: Monitor the EcoStruxure IT Data Center Expert server logs for suspicious requests or command execution attempts.
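The firewall workaround and the log-monitoring step above can be checked together against the server's web access log. The script below is an added example, not code from Schneider Electric or from this advisory. It assumes the server, or a reverse proxy in front of it, writes Combined Log Format lines with one optional trailing quoted field holding a request-body excerpt; it flags any request from outside an assumed trusted administrative network (a sign the firewall rule is missing or bypassed), shell metacharacters in request parameters (the CWE-78 class), and entity or external-DTD declarations in XML bodies (the CWE-611 class). The sample log lines, URL paths, addresses and network range are constructed for illustration and are not the product's real endpoints.

```python
"""Triage of EcoStruxure IT Data Center Expert web-server access logs.

Added example, not Schneider Electric code. Assumptions: Combined Log Format,
optionally followed by one extra quoted field with a request-body excerpt; the
trusted network below is site-specific; all sample lines and paths are made up.
"""
import ipaddress
import re
from urllib.parse import unquote_plus, urlsplit

# Assumption: the only networks allowed to reach the server once the firewall
# workaround is in place. Any request from elsewhere means the rule is not holding.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]

# Coarse indicators, deliberately not tied to any specific exploit:
# shell metacharacters a monitoring console never needs in a parameter (CWE-78),
# and entity/external-DTD declarations that signal XXE attempts (CWE-611).
SHELL_META = re.compile(r"[;|`&\n]|\$[({]")
XXE_DECL = re.compile(r"<!ENTITY\b|<!DOCTYPE\b[^>]*\b(?:SYSTEM|PUBLIC)\b", re.I)

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*"(?: "(?P<body>[^"]*)")?$'
)

# Constructed sample: two clean requests, two from an untrusted address (one
# carrying a shell metacharacter), and one XML import declaring an external entity.
SAMPLE_LOG = [
    '10.10.0.5 - - [12/Jul/2025:10:00:00 +0000] "GET /api/devices?device=pdu-01 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jul/2025:10:00:01 +0000] "GET /api/devices?device=pdu-01 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Jul/2025:10:00:02 +0000] "GET /api/devices?device=pdu-01;id HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.10.0.9 - - [12/Jul/2025:10:00:03 +0000] "POST /api/import HTTP/1.1" 200 64 "-" "python-requests/2.31" '
    '"<?xml version=\'1.0\'?><!DOCTYPE x [<!ENTITY xxe SYSTEM \'file:///etc/passwd\'>]><x>&xxe;</x>"',
    '10.10.0.9 - - [12/Jul/2025:10:00:04 +0000] "POST /api/devices HTTP/1.1" 200 64 "-" "Mozilla/5.0" "device=pdu-01&action=refresh"',
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["body"] = rec["body"] or ""
    return rec


def is_trusted(src):
    """True if the source address lies inside a trusted administrative network."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_ADMIN_NETS)


def form_fields(encoded):
    """Split a form-encoded string into decoded fields.

    Split on '&' before decoding, so a literal '&' that only appears after
    decoding (%26) is visible to the metacharacter check. Done by hand so the
    result does not depend on the Python version's treatment of ';'.
    """
    return [unquote_plus(part) for part in encoded.split("&") if part]


def triage(rec):
    """Return the reasons this request deserves a look (empty list if none)."""
    reasons = []
    if not is_trusted(rec["src"]):
        reasons.append("untrusted-source")
    query = urlsplit(rec["path"]).query
    if any(SHELL_META.search(f) for f in form_fields(query)):
        reasons.append("shell-metachars-in-query")
    body = rec["body"]
    if body.lstrip().startswith("<"):
        if XXE_DECL.search(body):
            reasons.append("xxe-declaration-in-body")
    elif any(SHELL_META.search(f) for f in form_fields(body)):
        reasons.append("shell-metachars-in-body")
    return reasons


def triage_log(lines):
    """Return (source, path, reasons) for every line that trips a check."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            reasons = triage(rec)
            if reasons:
                findings.append((rec["src"], rec["path"], reasons))
    return findings


if __name__ == "__main__":
    for src, path, reasons in triage_log(SAMPLE_LOG):
        print(f"{src} {path} -> {', '.join(reasons)}")
```

Set TRUSTED_ADMIN_NETS to the ranges your firewall rule actually permits and feed the script the real log. The checks are coarse on purpose: a field that legitimately carries a pipe or a backtick will trip them, so treat hits as triage leads to inspect rather than as alerts, and tune the patterns to what the console normally sends.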
Schedule — requires maintenance window
The upgrade may require a server reboot; plan for an interruption of monitoring.
HOTFIX: Upgrade EcoStruxure IT Data Center Expert to version 9.0 or later.