CVE-2025-13957
Received Received - Intake
Hardcoded Credentials in SOCKS Proxy Enable Remote Code Execution

Publication date: 2026-03-10

Last updated on: 2026-03-10

Assigner: Schneider Electric SE

Description
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13957
EUVD
EUVD-2025-208473
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
schneider_electric ecostruxure_it_data_center_expert to 9.1 (exc)
schneider_electric ecostruxure_it_data_center_expert 9.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-13957 is a vulnerability in Schneider Electric’s EcoStruxure IT Data Center Expert software (version 9.0 and prior) involving the use of hard-coded credentials (CWE-798).

This vulnerability can lead to information disclosure and remote code execution if the SOCKS Proxy feature is enabled and an attacker knows the administrator and PostgreSQL database credentials.

The SOCKS Proxy is disabled by default, reducing the risk unless it is explicitly enabled.

Impact Analysis

Exploitation of this vulnerability can result in serious impacts including unauthorized disclosure of sensitive information and the ability for an attacker to execute remote code on the affected system.

The vulnerability has a high severity rating with a CVSS v4.0 base score of 7.5, indicating it can be exploited remotely with low attack complexity but requires high privileges.

Successful exploitation affects confidentiality, integrity, and availability of the system, potentially leading to system compromise or disruption of services.

Compliance Impact

I don't know

Detection Guidance

The vulnerability involves the use of hard-coded credentials when the SOCKS Proxy feature is enabled in Schneider Electric’s EcoStruxure IT Data Center Expert software. Detection would focus on verifying if the SOCKS Proxy is enabled and if the system is running a vulnerable version (9.0 or prior).

Specific commands are not provided in the available resources. However, general detection steps would include checking the configuration of the EcoStruxure IT Data Center Expert instance to confirm whether SOCKS Proxy is enabled, and verifying the software version.

Network scanning or monitoring for unusual activity related to SOCKS Proxy usage or attempts to use hard-coded credentials could also be part of detection, but no explicit commands or tools are detailed.

Mitigation Strategies

The primary mitigation step is to apply the patch by upgrading to EcoStruxure IT Data Center Expert version 9.1 or later, which remediates this vulnerability.

If immediate patching is not possible, ensure that the SOCKS Proxy feature remains disabled, as it is disabled by default and required for exploitation.

Additional mitigation includes hardening the DCE instance according to the EcoStruxure IT Data Center Expert Security Handbook.

  • Isolate control and safety system networks behind firewalls.
  • Restrict physical access and secure controllers.
  • Avoid unauthorized network connections and scan removable media.
  • Minimize network exposure and use secure remote access methods such as VPNs, ensuring VPNs are kept updated and secure.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13957. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart