Schneider Electric EcoStruxure IT Data Center Expert
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The following versions of Schneider Electric EcoStruxure IT Data Center Expert are affected: EcoStruxure IT Data Center Expert vers:intdot/<=9.1.1, 9.1.2 (CVE-2026-8045) CVSS Vendor Equipment Vulnerabilities v3 6.5 Schneider Electric Schneider Electric EcoStruxure IT Data Center Expert Improper Restriction of XML External Entity Reference Background Critical Infrastructure Sectors: Information Technology, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-8045 CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints View CVE Details Affected Products Schneider Electric EcoStruxure IT Data Center Expert Vendor: Schneider Electric Product Version: EcoStruxure IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) Version 9.1.1 and Prior Product Status: fixed, known_affected Remediations Vendor fix v9.1.2 of EcoStruxure™ IT Data Center Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/en/product-range/61851-ecostruxure-it-data- center-expert/#software-and-firmware https://www.se.com/ww/en/product-country-selector/?pageType=product-range&sourceId=61851#software-and-firmware Relevant CWE: CWE-611 Improper Restriction of XML External Entity Reference Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/
CSIRTS triage
- What
- The vulnerability allows for information disclosure due to improper restriction of XML external entity references.
- Who is affected
- Deployments of EcoStruxure IT Data Center Expert versions 9.1.1 and 9.1.2.
- Urgency
- Remediation is critical due to the potential for information disclosure.
- Action
- Apply the provided remediation to affected versions.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch EcoStruxure IT Data Center Expert
Get an email when a new EcoStruxure IT Data Center Expert advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-03
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-80450.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-8045 | coverage & exploitation status | NVD · CVE.org |
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07