Use of Hard-coded Credentials vulnerability in EcoStruxure™ IT Data Center Expert
Plan Patch · CVSS 7.2 · SEVD-2026-069-05 · Mar 10, 2026
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Hard-coded credentials vulnerability in EcoStruxure™ IT Data Center Expert v9.0 and earlier. The vulnerability requires an attacker to have administrator credentials and to enable the SOCKS Proxy feature, which is disabled by default. Successful exploitation could lead to unauthorized system access, information disclosure of critical facility data, and potential disruption of monitored operations. The vulnerability is addressed in version 9.1.
What this means
What could happen
An attacker with administrator credentials could enable the SOCKS Proxy feature and exploit hard-coded credentials to gain unauthorized access to the data center monitoring system, leading to information disclosure and potential disruption of facility operations.
Who's at risk
Energy sector organizations operating data centers and utility facilities that use EcoStruxure IT Data Center Expert for infrastructure monitoring. Primary concern for facility managers responsible for power distribution, cooling systems, and critical equipment visibility in energy utilities.
How it could be exploited
An attacker who has obtained or already has administrator-level access to the EcoStruxure IT Data Center Expert system can enable the disabled-by-default SOCKS Proxy feature and then use hard-coded credentials embedded in the product to authenticate and gain control of the monitoring application, allowing them to view sensitive facility data or manipulate monitored devices.
Prerequisites
- Administrator credentials to access EcoStruxure IT Data Center Expert
- Network access to the DCE administrative interface
- Manual enabling of the SOCKS Proxy feature (not enabled by default)
hard-coded credentials in application · requires administrator credentials · affects data center infrastructure monitoring · SOCKS proxy feature must be explicitly enabled · high CVSS score (7.2)
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: EcoStruxure™ IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) v9.0 and prior
Affected Versions: ≤ 9.0
Fix Status: 9.1
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade EcoStruxure IT Data Center Expert to version 9.1 or later
CVEs (1)