Skip to main content

Ecostruxure It Data Center Expert

1 CVEs product

Monthly

CVE-2026-8045 HIGH CISA This Week

Server-side file disclosure in Schneider Electric EcoStruxure IT Data Center Expert v9.1.1 and prior allows authenticated users to read arbitrary files on the underlying host by submitting crafted XML payloads to SOAP service endpoints. The flaw stems from improper restriction of XML External Entity references (CWE-611) in the SOAP API. No public exploit identified at time of analysis, but CISA SSVC marks the issue as automatable with partial technical impact.

XXE Information Disclosure Ecostruxure It Data Center Expert
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
EPSS 0% CVSS 7.1
HIGH This Week

Server-side file disclosure in Schneider Electric EcoStruxure IT Data Center Expert v9.1.1 and prior allows authenticated users to read arbitrary files on the underlying host by submitting crafted XML payloads to SOAP service endpoints. The flaw stems from improper restriction of XML External Entity references (CWE-611) in the SOAP API. No public exploit identified at time of analysis, but CISA SSVC marks the issue as automatable with partial technical impact.

XXE Information Disclosure Ecostruxure It Data Center Expert
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy