Schneider Electric EcoStruxure IT Data Center Expert Improper XML External Entity Reference Vulnerability

Vulnerability

An improper restriction of XML external entity (XXE) references vulnerability has been identified in Schneider Electric's EcoStruxure IT Data Center Expert, affecting all versions through 9.1.1. It could lead to unauthorized disclosure of server-side file contents when an attacker with a Data Center Expert user account sends crafted XML payloads to SOAP service endpoints.

Impact

Exploitation of this vulnerability could result in unauthorized access to server-side file contents, leading to potential information disclosure.

Remediation

Users can upgrade to version 9.1.2 of EcoStruxure IT Data Center Expert, which addresses this vulnerability. This version is available for download from the EcoStruxure IT Data Center Expert product page. It is recommended to evaluate the impact of this patch in a test environment before applying it to production systems.
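Until the upgrade is in place, SOAP traffic can be screened for document type declarations, which SOAP 1.1 and 1.2 both forbid in a message and which external entity references depend on. The following is an added example of such a pre-parse check, not Schneider Electric's code and not part of the 9.1.2 fix; the function names and the sample requests are constructed for illustration.

```python
import codecs

# BOMs, longest first so UTF-32 LE is not mistaken for UTF-16 LE.
BOMS = [(codecs.BOM_UTF32_LE, "utf-32-le"), (codecs.BOM_UTF32_BE, "utf-32-be"),
        (codecs.BOM_UTF8, "utf-8"),
        (codecs.BOM_UTF16_LE, "utf-16-le"), (codecs.BOM_UTF16_BE, "utf-16-be")]

def decode_xml(raw: bytes) -> str:
    """Decode so that a DOCTYPE cannot hide behind a non-UTF-8 encoding."""
    for bom, enc in BOMS:
        if raw.startswith(bom):
            return raw[len(bom):].decode(enc, errors="replace")
    if raw[:2] == b"<\x00":            # BOM-less UTF-16 LE
        return raw.decode("utf-16-le", errors="replace")
    if raw[:2] == b"\x00<":            # BOM-less UTF-16 BE
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8", errors="replace")

def soap_reject_reason(raw: bytes):
    """Return None if the prolog is clean, else a reason to reject the request."""
    text = decode_xml(raw)
    i = 0
    while i < len(text):
        if text[i].isspace():
            i += 1
        elif text.startswith("<!--", i):               # comment
            end = text.find("-->", i + 4)
            if end < 0:
                return "malformed prolog"
            i = end + 3
        elif text.startswith("<?", i):                 # XML declaration or PI
            end = text.find("?>", i + 2)
            if end < 0:
                return "malformed prolog"
            i = end + 2
        elif text[i:i + 9].upper() == "<!DOCTYPE":
            return "DTD in SOAP message"
        elif text.startswith("<!", i) or text[i] != "<":
            return "malformed prolog"                  # fail closed
        else:
            return None                                # reached the root element
    return "no root element"

# Constructed sample requests (not captured traffic).
ENVELOPE = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
            '<soap:Body><![CDATA[<!DOCTYPE is only text here]]></soap:Body></soap:Envelope>')
CLEAN = ('<?xml version="1.0"?>\n<!-- constructed -->\n' + ENVELOPE).encode()
WITH_DTD = ('<?xml version="1.0"?>\n<!DOCTYPE x [ ]>\n' + ENVELOPE).encode()
WITH_DTD_UTF16 = codecs.BOM_UTF16_LE + ('<!DOCTYPE x [ ]>' + ENVELOPE).encode("utf-16-le")
```

Only the prolog is scanned, so the literal string inside the CDATA section of the clean sample does not trigger a rejection, while a declaration delivered in UTF-16 does.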

Added: Jun 9, 2026, 4:22 PM
Updated: Jun 9, 2026, 4:22 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.