
Critical Vulnerability in Schneider Electric Data Center Software Prompts Urgent Security Updates

Security Reporter

CISA has added a critical vulnerability in Schneider Electric's EcoStruxure Data Center Expert to its Known Exploited Vulnerabilities catalog, requiring immediate patching to prevent potential exploitation.

A critical security vulnerability has been discovered in Schneider Electric's EcoStruxure Data Center Expert software, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2024-XX (specific CVE number not provided in the source), affects versions prior to 8.3.0 and could allow unauthorized remote access to affected systems.

The vulnerability stems from improper authentication mechanisms within the software's web interface, potentially enabling attackers to bypass security controls and gain administrative privileges without proper credentials. Schneider Electric has released version 8.3.0 to address this critical security flaw.

Organizations using EcoStruxure Data Center Expert should immediately upgrade to version 8.3.0 or implement available mitigations. CISA mandates that federal agencies patch this vulnerability by the specified deadline, and private sector organizations are strongly encouraged to follow suit.

For organizations unable to immediately update, CISA recommends implementing network segmentation, restricting access to affected systems, and monitoring for suspicious activity. The vulnerability poses significant risk to data center infrastructure management, potentially allowing attackers to manipulate environmental controls, power systems, and monitoring capabilities.

Schneider Electric has published detailed mitigation guidance and the patched software is available through their customer portal. Organizations should verify their current version and plan immediate remediation to protect critical infrastructure systems.
