ICSA-25-016-08
·
Published 2024-10-08
·
View on CISA ICS-CERT ↗
Schneider Electric Data Center Expert
CVSS 7.2
HIGH
CVEs (2)
Remediations
- Version 8.2 of EcoStruxure™ IT Data Center Expert includes fixes for these vulnerabilities and is available upon request from Schneider Electric’s Customer Care Center.
- Ensure that the principals of least privilege are being followed so that only those with need have account access and that the level of their respective account authorization aligns with their role, including Privileged Accounts as described in the Data Center Expert Security Handbook. • Verify SHA1 checksums of upgrade bundles prior to executing upgrades as described in the Upgrades section of the Data Center Expert Security Handbook.. • Delete any existing “logcapture” archives present on the system and do not create any new “logcapture” archives. Existing archives can be deleted from the https://server_ip/capturelogs web page after authenticating.
Affected Vendors
Schneider Electric
Affected Products (2)
Schneider Electric
·
Data Center Expert
<=8.1.1.3
Schneider Electric
·
Data Center Expert
8.2
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more