Primary

Context

Schneider Electric EcoStruxure IT Data Center Expert Improper Restriction of XML External Entity Reference Vulnerability

Vulnerability

Patched

A vulnerability allowing improper restriction of XML external entity references has been identified in Schneider Electric's EcoStruxure IT Data Center Expert, all versions through 8.3. This vulnerability could lead to manipulation of SOAP API calls and injection of XML external entities, resulting in unauthorized access to files when the server is accessed over the network using an application account.

Impact

Exploitation of this vulnerability could result in unauthorized file access.

Remediation

Users can upgrade to version 9.0 of EcoStruxure IT Data Center Expert, which includes fixes for this vulnerability. This version is available upon request from Schneider Electric's Customer Care Center. Customers should evaluate the impact of the upgrade in a test environment and contact the Customer Care Center for assistance if needed.

Added: Jul 11, 2025, 9:22 AM

Updated: Jul 11, 2025, 9:22 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Schneider Electric EcoStruxure IT Data Center Expert Improper Restriction of XML External Entity Reference Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Schneider Electric EcoStruxure IT Data Center Expert

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating