Schneider Electric EcoStruxure IT Data Center Expert
cpe:2.3:a:schneider-electric:data_center_expert:*:*:*:*:*:*:*
- <= 8.3
A CWE-331 (Insufficient Entropy) vulnerability exists in Schneider Electric's EcoStruxure IT Data Center Expert (DCE) software, in versions through 8.3. It could lead to discovery of the root password when the password generation algorithm is reverse-engineered using access to installation or upgrade artifacts.
Exploitation could allow the root password to be discovered, potentially leading to unauthorized access to and control over the system.
Users of EcoStruxure IT Data Center Expert should upgrade to version 9.0, which includes fixes for this vulnerability. This version is available upon request from Schneider Electric's Customer Care Center. Customers are advised to back up their systems and evaluate the impact of the upgrade in a Test and Development environment or on an offline infrastructure. If assistance is needed, contact Schneider Electric's Customer Care Center.