Schneider Electric Flaws Expose Data Centers to Attacks

Schneider Electric has confirmed six critical security weaknesses in its EcoStruxure IT Data Center Expert software, exposing data centers to potential remote code execution. The flaws affect versions 8.3 and earlier and could allow unauthorized access and OS-level command injection.

The most serious issue, tracked as CVE-2025-50121, received the maximum CVSS score of 10.0. Attackers can exploit this vulnerability by creating crafted folders via the web interface if HTTP is enabled, a setting that is disabled by default. The flaws expose critical infrastructure to additional risks as well, including password entropy issues, hostname-based code injection, and server-side request forgery.

Researchers from KoreLogic identified the flaws during a comprehensive security assessment. Schneider Electric has since released version 9.0 to patch all known issues. Until administrators can upgrade, the company advises them to disable HTTP and apply network segmentation controls.

Read the full report at:

Multiple Schneider Electric Vulnerabilities Let Attackers Inject OS Commands
