Schneider Electric EcoStruxure IT Data Center Expert vulnerabilities
8 known vulnerabilities affecting schneider_electric/ecostruxure_it_data_center_expert.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 3
Vulnerabilities
CVE-2025-50121 [CRITICAL] CWE-78 | P2 | CVSS 9.5 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default.
nvd
CVE-2025-13957 [HIGH] CWE-798 | P3 | CVSS 7.5 | v9.0 and prior | 2026-03-10
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
nvd
CVE-2025-50122 [HIGH] CWE-331 | P3 | CVSS 8.9 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.
nvd
CVE-2025-50125 [MEDIUM] CWE-918 | P3 | CVSS 6.3 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.
nvd
CVE-2026-8045 [MEDIUM] CWE-611 | P3 | CVSS 6.5 | v9.1.1 and Prior | 2026-06-09
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.
nvd
CVE-2025-50123 [HIGH] CWE-94 | P3 | CVSS 7.2 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input.
nvd
CVE-2025-50124 [HIGH] CWE-269 | P4 | CVSS 7.2 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script.
nvd
CVE-2025-6438 [MEDIUM] CWE-611 | P4 | CVSS 5.9 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account.
nvd