← Back to home
ICSA-26-076-03  ·  Published 2026-03-17  ·  View on CISA ICS-CERT ↗

Schneider Electric EcoStruxure Data Center Expert

CVSS 7.2 HIGH

CVEs (1)

Remediations

  • v9.1 of EcoStruxure IT Data Center Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/en/product-range/61851-ecostruxure-it-data-center-expert/#software-and-firmware
  • If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Harden the DCE instance according to the cybersecurity best practices documented in the EcoStruxure IT Data Center Expert Security Handbook • Ensure the SOCKS Proxy is disabled as in the default configuration.
  • For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-069-05 Use of Hard-coded Credentials vulnerability in EcoStruxure IT Data Center Expert PDF Version https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-05.pdf
  • For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-069-05 Use of Hard-coded Credentials vulnerability in EcoStruxure IT Data Center Expert CSAF Version https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-069-05.json

Affected Vendors

Schneider Electric

Affected Products (2)

Schneider Electric · EcoStruxure IT Data Center Expert vers:intdot/<=9.0
Schneider Electric · EcoStruxure IT Data Center Expert 9.1

Affected Sectors

Commercial Facilities, Energy, Food and Agriculture, Government Services and Facilities, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more