Schneider Electric EcoStruxure Panel Server Insertion of Sensitive Information into Log Files Vulnerability
Vulnerability
A vulnerability allowing the insertion of sensitive information into log files has been identified in Schneider Electric's EcoStruxure Panel Server, all models, through version 2.0. This vulnerability could lead to the unintentional disclosure of FTP server credentials. The issue arises when the FTP server is active, the device is in debug mode, and the debug files are exported from the device.
Impact
Exploitation of this vulnerability could result in the unauthorized disclosure of FTP server credentials.
Remediation
Users can upgrade to version 2.1 or later of EcoStruxure Panel Server, which includes a fix for this vulnerability. This version is available for download from the Schneider Electric website. After upgrading, customers should ensure that debug mode is turned off to prevent credential exposure.
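For debug exports that were already taken from an affected device, the following added example (not Schneider Electric code) scans exported log text for FTP credentials and masks them before the files are shared. The device's real log format is not given on this page, so the patterns and the sample lines are assumptions built from generic FTP client traces.

```python
import re

# Assumption: the Panel Server's real debug log format is not given on this
# page, so these patterns target generic ways FTP credentials appear in text.
FTP_URL = re.compile(r"(ftps?://[^\s:/@]+):[^\s@]+@", re.IGNORECASE)
FTP_PASS_CMD = re.compile(r"\b(PASS)\s+\S+")
FTP_KEY_VALUE = re.compile(
    r"\b(ftp[\w.]*(?:password|passwd|pwd)\w*\s*[=:]\s*\"?)[^\s\",;]+",
    re.IGNORECASE,
)
PATTERNS = (
    (FTP_URL, r"\g<1>:[REDACTED]@"),
    (FTP_PASS_CMD, r"\g<1> [REDACTED]"),
    (FTP_KEY_VALUE, r"\g<1>[REDACTED]"),
)


def redact_line(line):
    """Mask FTP secrets in one log line; return (clean_line, hit_count)."""
    hits = 0
    for pattern, replacement in PATTERNS:
        line, count = pattern.subn(replacement, line)
        hits += count
    return line, hits


def scan_export(lines):
    """Return (redacted_lines, line_numbers_that_contained_credentials)."""
    redacted, findings = [], []
    for lineno, line in enumerate(lines, start=1):
        clean, hits = redact_line(line)
        redacted.append(clean)
        if hits:
            findings.append(lineno)
    return redacted, findings


# Constructed sample of an exported debug log (not real device output).
SAMPLE_EXPORT = """\
2024-01-10 08:15:02 DEBUG publisher: next export scheduled in 600 s
2024-01-10 08:15:03 DEBUG ftp: connecting to ftp://panel_user:Examp1e-Pw@192.0.2.10/exports
2024-01-10 08:15:03 DEBUG ftp: > USER panel_user
2024-01-10 08:15:03 DEBUG ftp: > PASS Examp1e-Pw
2024-01-10 08:15:04 DEBUG config: ftp_password="Examp1e-Pw" ftp_port=21
2024-01-10 08:15:05 INFO  publisher: upload complete
""".splitlines()

if __name__ == "__main__":
    redacted, findings = scan_export(SAMPLE_EXPORT)
    print("credential-bearing lines:", findings)
    print("\n".join(redacted))
```

A non-empty findings list identifies the lines of an export that carried FTP credentials.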
