Schneider Electric EcoStruxure IT Data Center Expert Server-Side Request Forgery Vulnerability Leading to Remote Code Execution

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Schneider Electric's EcoStruxure IT Data Center Expert (DCE) software, affecting versions through 8.3. An unauthenticated attacker with network access to the server, knowledge of hidden URLs, and the ability to manipulate the Host request header could use it to achieve remote code execution.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the server.

Remediation

Users of EcoStruxure IT Data Center Expert versions 8.3 and prior should upgrade to version 9.0, which includes fixes for this vulnerability. This update is available upon request from Schneider Electric's Customer Care Center. Customers are advised to back up their systems and evaluate the impact of the upgrade in a test environment before applying it.
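As an added example (not Schneider Electric code and not part of this advisory), the following Python shows the defender-side check the description points at: strict validation of the Host request header against an allowlist of names the DCE server is expected to answer to, and a review of access-log lines for requests that carried an unexpected Host value. The allowlist, the hostnames and the log format are constructed assumptions for illustration; the upgrade to version 9.0 remains the fix, and this kind of check is a compensating control and a detection aid while the upgrade is scheduled.

```python
import re

# Constructed allowlist of names/addresses this DCE instance is legitimately
# reached by (assumption for this example; substitute your real hostnames).
ALLOWED_HOSTS = frozenset({"dce.example.internal", "10.0.0.5"})

# Strict grammar for a Host header value: a DNS name or IPv4 literal, or a
# bracketed IPv6 literal, optionally followed by a port. Anything else
# (userinfo '@', path separators, whitespace, an empty value) is rejected
# rather than "cleaned up", because lenient parsing is what lets a crafted
# Host value be read as a trusted one.
_HOST_RE = re.compile(
    r"^(?P<host>\[[0-9a-f:.]+\]|[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)"
    r"(?::(?P<port>\d{1,5}))?$"
)


def normalize_host(raw):
    """Return the lowercase host part of a Host header value, or None if the
    value does not match the strict grammar above."""
    if raw is None:
        return None
    m = _HOST_RE.match(raw.strip().lower())
    if m is None:
        return None
    return m.group("host")


def host_allowed(raw, allowed=ALLOWED_HOSTS):
    """True only if the Host header parses cleanly and names an expected host."""
    host = normalize_host(raw)
    return host is not None and host in allowed


# Constructed access-log lines (not real DCE output). Each records the client
# address, request line, status and the Host header the client sent.
SAMPLE_LOG = """\
2025-07-11T11:17:02Z 10.0.0.23 "GET /login HTTP/1.1" 200 host="dce.example.internal"
2025-07-11T11:17:05Z 198.51.100.7 "GET /login HTTP/1.1" 200 host="attacker.example:8080"
2025-07-11T11:17:09Z 198.51.100.7 "POST /api/export HTTP/1.1" 302 host="evil.example@dce.example.internal"
2025-07-11T11:17:12Z 10.0.0.23 "GET /status HTTP/1.1" 200 host="DCE.example.internal"
"""

_LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) host="(?P<host>[^"]*)"$'
)


def flag_unexpected_hosts(log_text, allowed=ALLOWED_HOSTS):
    """Return (client, raw_host, method, path) for every request whose Host
    header is not one of the expected names; lines that do not parse are
    skipped so a malformed record cannot hide the rest of the file."""
    findings = []
    for line in log_text.splitlines():
        m = _LOG_RE.match(line)
        if m is None:
            continue
        if not host_allowed(m.group("host"), allowed):
            findings.append((m.group("client"), m.group("host"),
                             m.group("method"), m.group("path")))
    return findings


if __name__ == "__main__":
    for finding in flag_unexpected_hosts(SAMPLE_LOG):
        print("unexpected Host header:", finding)
```

Two design points matter here. The Host value is matched against a closed grammar and rejected on any mismatch, so a value such as `evil.example@dce.example.internal`, which a URL parser would happily read as the allowed name with userinfo in front, is refused outright. And the same `host_allowed` function drives both the inline check and the log review, so what the server enforces and what the analyst hunts for cannot drift apart.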

Added: Jul 11, 2025, 11:17 AM
Updated: Jul 11, 2025, 11:17 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 5.9
remediation: 7.9
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.