CVE-2025-13957
Hardcoded Credentials in SOCKS Proxy Enable Remote Code Execution

Publication date: 2026-03-10

Last updated on: 2026-03-10

Assigner: Schneider Electric SE

Description
A CWE-798 (Use of Hard-coded Credentials) vulnerability exists that could cause information disclosure and remote code execution when the SOCKS Proxy is enabled and the administrator credentials and the PostgreSQL database credentials are known. The SOCKS Proxy is disabled by default.
Meta Information
Generated: 2026-05-06
AI Q&A: 2026-03-10
EPSS evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor              Product                                Version / Range
schneider_electric  ecostruxure_it_data_center_expert      all versions before 9.1 (9.1 excluded)
schneider_electric  ecostruxure_it_data_center_expert      9.1
CWE
CWE-798: The product contains hard-coded credentials, such as a password or cryptographic key.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-13957 is a vulnerability in Schneider Electric’s EcoStruxure IT Data Center Expert software (version 9.0 and prior) involving the use of hard-coded credentials (CWE-798).

This vulnerability can lead to information disclosure and remote code execution if the SOCKS Proxy feature is enabled and an attacker knows the administrator and PostgreSQL database credentials.

The SOCKS Proxy is disabled by default, reducing the risk unless it is explicitly enabled.

How can this vulnerability impact me?

Exploitation of this vulnerability can result in serious impacts including unauthorized disclosure of sensitive information and the ability for an attacker to execute remote code on the affected system.

The vulnerability has a high severity rating with a CVSS v4.0 base score of 7.5, indicating it can be exploited remotely with low attack complexity but requires high privileges.

Successful exploitation affects confidentiality, integrity, and availability of the system, potentially leading to system compromise or disruption of services.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know

How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability involves the use of hard-coded credentials when the SOCKS Proxy feature is enabled in Schneider Electric’s EcoStruxure IT Data Center Expert software. Detection would focus on verifying if the SOCKS Proxy is enabled and if the system is running a vulnerable version (9.0 or prior).

Specific commands are not provided in the available resources. However, general detection steps would include checking the configuration of the EcoStruxure IT Data Center Expert instance to confirm whether SOCKS Proxy is enabled, and verifying the software version.

Network scanning or monitoring for unusual activity related to SOCKS Proxy usage or attempts to use hard-coded credentials could also be part of detection, but no explicit commands or tools are detailed.

What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to apply the patch by upgrading to EcoStruxure IT Data Center Expert version 9.1 or later, which remediates this vulnerability.

If immediate patching is not possible, ensure that the SOCKS Proxy feature remains disabled, as it is disabled by default and required for exploitation.

Additional mitigation includes hardening the DCE instance according to the EcoStruxure IT Data Center Expert Security Handbook.

  • Isolate control and safety system networks behind firewalls.
  • Restrict physical access and secure controllers.
  • Avoid unauthorized network connections and scan removable media.
  • Minimize network exposure and use secure remote access methods such as VPNs, ensuring VPNs are kept updated and secure.
