Critical Flaws Expose Schneider DCE to Remote Exploits – Patch Now 

Summary: Schneider Electric has found critical security flaws in its EcoStruxure IT Data Center Expert software (version 8.3 and earlier) that allow attackers to run harmful code, steal data or disrupt data center operations. The EcoStruxure IT Data Center is a scalable monitoring solution for data center equipment. Through the web interface, the flaw allows unauthenticated remote code execution when HTTP is enabled, though it is disabled by default.

Severity: Critical
CVSS Score: 10.0
CVEs: CVE-2025-50121, CVE-2025-50122, CVE-2025-50123, CVE-2025-50125
POC Available: No
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0

Overview 

The most severe flaw lets attackers execute commands remotely without logging in. Other risks include weak password generation and privilege misuse.

Schneider urges users to upgrade to version 9.0 as a priority. Users who are unable to update right now should secure their systems by limiting access, disabling unused services, using VPNs and following security best practices.

| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
|---|---|---|---|---|
| OS Command Injection | CVE-2025-50121 | EcoStruxure IT Data Center Expert (DCE) | Critical | v 9.0 |
| Insufficient Entropy (Weak Root Password Generation) | CVE-2025-50122 | EcoStruxure IT Data Center Expert (DCE) | High | v 9.0 |
| Insufficient Entropy (Weak Root Password Generation) | CVE-2025-50123 | EcoStruxure IT Data Center Expert (DCE) | High | v 9.0 |
| Insufficient Entropy (Weak Root Password Generation) | CVE-2025-50125 | EcoStruxure IT Data Center Expert (DCE) | High | v 9.0 |

Technical Summary 

The vulnerabilities identified expose the system to remote takeover, unauthorized access and internal data exposure.

At the core of the risk is a command injection flaw in the web interface, where unsanitized input allows attackers to execute system-level commands without authentication.

Compounding the issue is a weak password generation mechanism that uses low-entropy values, making root credentials easier to predict if installation or update packages are obtained.

Privileged users can also exploit unsafe input handling, specifically in fields like the hostname, to inject and execute arbitrary code.

Furthermore, improper validation of internal HTTP requests allows attackers to perform server-side request forgery (SSRF), potentially accessing internal services and sensitive resources without credentials. 
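The command injection and hostname-field issues described above share one mitigation: validate the field strictly and never let a shell parse it. The sketch below is an added illustration, not Schneider's code; `hostnamectl set-hostname` is an assumed stand-in for whatever command the product actually runs, and the sample values are constructed.

```python
import re
import shlex

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Assumed stand-in command; the page does not say what the product executes.
SET_HOSTNAME = ["hostnamectl", "set-hostname"]


def is_valid_hostname(value: str) -> bool:
    """Accept only RFC 1123 hostnames of at most 253 characters."""
    if not isinstance(value, str) or not 1 <= len(value) <= 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def unsafe_command(hostname: str) -> str:
    """Anti-pattern: the field is pasted into a string that a shell will parse."""
    return " ".join(SET_HOSTNAME) + " " + hostname


def shell_operators(command: str) -> list[str]:
    """Return the control operators a POSIX shell would act on in `command`."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if all(c in "();<>|&" for c in tok)]


def safe_argv(hostname: str) -> list[str]:
    """Validate first, then build an argument vector for
    subprocess.run(argv, shell=False), so no shell ever sees the value."""
    if not is_valid_hostname(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return SET_HOSTNAME + [hostname]


if __name__ == "__main__":
    for sample in ["dce-01.example.internal", "dce01; id"]:  # constructed inputs
        print(repr(sample), "valid:", is_valid_hostname(sample),
              "operators if shell-parsed:", shell_operators(unsafe_command(sample)))
```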

| CVE ID | CVSS Score | System Affected | Vulnerability Details | Impact |
|---|---|---|---|---|
| CVE-2025-50121 | 10.0 | Web interface | Allows unauthenticated attackers to run system commands via malicious folder in web interface. | Unauthenticated RCE, full system compromise. |
| CVE-2025-50122 | 8.3 | Password generation system | Allows unauthenticated attackers to run system commands via malicious folder in web interface. | Root access by reverse-engineering password generation, leading to full control. |
| CVE-2025-50123 | 7.2 | Server console interface | Allows unauthenticated attackers to run system commands via malicious folder in web interface. | Arbitrary command execution by privileged users, risking internal misuse or escalation. |
| CVE-2025-50125 | 7.2 | HTTP request handler | Attackers manipulate hidden URLs to access internal services or run code without login. | Unauthorized access to internal services, RCE and data exposure. |

In addition to the Critical and High severity vulnerabilities, two other medium-severity issues were addressed.

CVE-2025-50124 – Improper Privilege Management (CVSS 6.9) 
This issue allows privilege escalation through a setup script by a user already holding elevated access via the console. 

CVE-2025-6438 – XML External Entity (XXE) Injection (CVSS 6.8)
Attackers could exploit SOAP API calls to inject malicious XML entities and gain unauthorized file access.

Remediation

  • Immediately upgrade to EcoStruxure DCE version 9.0 or the latest one to fix critical security flaws. 

Schneider recommends hardening DCE instances per the EcoStruxure IT Data Center Expert Security Handbook and adopting cybersecurity best practices.

Attackers could gain full access, run harmful commands, or steal data. It is strongly advised to update to version 9.0 or apply strict security measures to reduce the risks immediately.

IoT and Evolving Threat landscape

Industrial IoT security threats have evolved from theoretical concerns to active, persistent dangers that target manufacturing operations worldwide.

The convergence of traditional operational technology with modern information technology has created attack vectors that cybercriminals, nation-state actors, and industrial espionage operations actively exploit.

The financial impact of industrial cybersecurity incidents continues to escalate, with the average cost of a manufacturing sector data breach reaching $4.97 million in 2024, not including potential regulatory fines, business interruption losses, and long-term reputation damage. 

The security flaws in Schneider’s EcoStruxure IT Data Center Expert software expose the dynamic threat landscape that may exist in Industrial IoT.


These vulnerabilities in Schneider Electric’s EcoStruxure DCE can seriously affect system security and data center operations. 
