Ecostruxure It Data Center Expert
Monthly
Server-side file disclosure in Schneider Electric EcoStruxure IT Data Center Expert v9.1.1 and prior allows authenticated users to read arbitrary files on the underlying host by submitting crafted XML payloads to SOAP service endpoints. The flaw stems from improper restriction of XML External Entity references (CWE-611) in the SOAP API. No public exploit identified at time of analysis, but CISA SSVC marks the issue as automatable with partial technical impact.
Server-side file disclosure in Schneider Electric EcoStruxure IT Data Center Expert v9.1.1 and prior allows authenticated users to read arbitrary files on the underlying host by submitting crafted XML payloads to SOAP service endpoints. The flaw stems from improper restriction of XML External Entity references (CWE-611) in the SOAP API. No public exploit identified at time of analysis, but CISA SSVC marks the issue as automatable with partial technical impact.