Schneider Electric EcoStruxure IT Data Center Expert Code Injection Vulnerability Leading to Remote Command Execution

Vulnerability

A code injection vulnerability allowing remote command execution has been identified in Schneider Electric's EcoStruxure IT Data Center Expert (DCE) software, specifically in versions through 8.3. The vulnerability arises from improper control of code generation and is exploitable by a privileged account. It is reachable when the server is accessed via its console, through the hostname input.
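The weakness described above is user-controlled hostname input reaching code or command generation. The illustrative check below is an added example, not Schneider Electric's code and not derived from the DCE product: it validates a hostname against RFC 1123 label rules before use and builds the resulting command as an argument list rather than a shell string. The use of hostnamectl as the downstream command is an assumption made for the example only.

```python
import re

# RFC 1123 label: letters, digits and hyphens, 1-63 characters, no leading or
# trailing hyphen. Whole name is at most 253 characters. Anything outside this
# allowlist (spaces, quotes, semicolons, backticks, dollar signs) is rejected.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def validate_hostname(name: str) -> bool:
    """Return True only if every label of the hostname satisfies RFC 1123."""
    if not name or len(name) > 253:
        return False
    if name.endswith("."):          # a single trailing dot (FQDN form) is tolerated
        name = name[:-1]
    return all(_LABEL.match(label) for label in name.split("."))


def build_sethostname_argv(name: str) -> list[str]:
    """Build the command as an argv list after validation.

    Passing a list to a process launcher (e.g. subprocess.run without
    shell=True) means the hostname is delivered as one argument and is never
    interpreted by a shell. Concatenating it into a string such as
    "hostname " + name is the pattern that leads to command injection.
    The hostnamectl invocation is an assumed example target, not DCE's code.
    """
    if not validate_hostname(name):
        raise ValueError(f"rejected hostname: {name!r}")
    return ["hostnamectl", "set-hostname", name]


if __name__ == "__main__":
    # Constructed sample inputs for demonstration.
    for candidate in ["dce-01.example.net", "dce 01", "dce;01", "-leading", "a" * 64]:
        print(f"{candidate!r:>24} -> {validate_hostname(candidate)}")
    print(build_sethostname_argv("dce-01"))
```

The allowlist approach is deliberate: rejecting everything outside the hostname grammar is more robust than trying to escape or strip individual shell metacharacters, and keeping the value as a discrete argv element removes the shell from the path entirely.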

Impact

Exploitation of this vulnerability could result in unauthorized remote command execution on the affected server, carried out by a privileged account.

Remediation

Users of EcoStruxure IT Data Center Expert versions 8.3 and prior should upgrade to version 9.0, which includes fixes for this vulnerability. This update is available upon request from Schneider Electric's Customer Care Center. Customers are advised to back up their systems and evaluate the impact of the upgrade in a test environment before applying it.

Added: Jul 11, 2025, 10:17 AM
Updated: Jul 11, 2025, 10:17 AM

Vulnerability Rating

Custom Algorithm

spread:         2.6
impact:         7.5
exploitability: 4.0
remediation:    7.9
relevance:      0.3
threat:         0.0
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.