CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6438 – Schneider Electric EcoStruxure IT Data Center Expert 8.3 XML Injection
https://notcve.org/view.php?id=CVE-2025-6438
10 Jul 2025 — CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account. CWE-611: Existe una vulnerabilidad de restricción incorrecta de referencia de entidad externa XML que podría causar la manipulación de llamadas a la API SOAP y la inyección de entidades externas XML, lo que resulta en un acceso no a... • https://packetstorm.news/files/id/206242 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-50121 – Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-50121
10 Jul 2025 — CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default. A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interf... • https://packetstorm.news/files/id/206243 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-50122 – Schneider Electric EcoStruxure IT Data Center Expert 8.3 Root Password Discovery
https://notcve.org/view.php?id=CVE-2025-50122
10 Jul 2025 — CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts. A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts. A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the p... • https://packetstorm.news/files/id/206244 • CWE-331: Insufficient Entropy •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-50123 – Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Command Execution
https://notcve.org/view.php?id=CVE-2025-50123
10 Jul 2025 — CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input. A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input. A CWE-94: Improper Contr... • https://packetstorm.news/files/id/206245 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-50124 – Schneider Electric EcoStruxure IT Data Center Expert 8.3 Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-50124
10 Jul 2025 — CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script. A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script. A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escal... • https://packetstorm.news/files/id/206246 • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-50125 – Schneider Electric EcoStruxure IT Data Center Expert 8.3 Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2025-50125
10 Jul 2025 — CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header. A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header. A CWE-918: Server-Side Request Forgery (... • https://packetstorm.news/files/id/206247 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8530 – Schneider Electric EcoStruxure Data Center Expert Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-8530
11 Oct 2024 — CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of log files. The issue results from the lack of auth... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8531 – Schneider Electric EcoStruxure Data Center Expert Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8531
11 Oct 2024 — CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of upgrade bundles. The issue... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 0CVE-2023-37199
https://notcve.org/view.php?id=CVE-2023-37199
12 Jul 2023 — A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored. A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 0CVE-2023-37198
https://notcve.org/view.php?id=CVE-2023-37198
12 Jul 2023 — A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages. A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •