cvebase

Schneider Electric Ecostruxure It Data Center Expert vulnerabilities

8 known vulnerabilities affecting schneider_electric/ecostruxure_it_data_center_expert.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 3

Vulnerabilities

CVE-2025-50121 | P2 | CRITICAL | CVSS 9.5 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default.
nvd
CVE-2025-13957 | P3 | HIGH | CVSS 7.5 | vv9.0 and prior | 2026-03-10
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
nvd
CVE-2025-50122 | P3 | HIGH | CVSS 8.9 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.
nvd
CVE-2025-50125 | P3 | MEDIUM | CVSS 6.3 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.
nvd
CVE-2026-8045 | P3 | MEDIUM | CVSS 6.5 | vv9.1.1 and Prior | 2026-06-09
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.
nvd
CVE-2025-50123 | P3 | HIGH | CVSS 7.2 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input.
nvd
CVE-2025-50124 | P4 | HIGH | CVSS 7.2 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script.
nvd
CVE-2025-6438 | P4 | MEDIUM | CVSS 5.9 | ≥ 8.3, ≤ Prior to | 2025-07-11
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account.
nvd