Schneider Electric EcoStruxure Data Center Expert
Summary
Schneider Electric has identified a hard-coded credentials vulnerability in its EcoStruxure Data Center Expert (DCE) product. Exploitation requires administrator credentials and requires the SOCKS Proxy feature, which is off by default, to be enabled. Successful exploitation could lead to information disclosure and remote compromise, potentially disrupting operations and access to system data.
IFF Assessment
The vulnerability allows for remote compromise and disruption of operations, which is detrimental to defenders protecting critical infrastructure.
Severity
Defender Context
Defenders need to be aware that this vulnerability impacts critical infrastructure sectors like energy and transportation. It is crucial to keep the SOCKS Proxy feature disabled and to apply the vendor's fix (version 9.1) promptly to mitigate the risk of information disclosure and remote compromise.