Body Background
TrendAI™ Zero Day Initiative™ Logo

Schneider Electric EcoStruxure Data Center Expert Missing Authentication Information Disclosure Vulnerability

October 17th, 2024
ZDI-24-1416 ZDI-CAN-23489

CVE ID

CVE-2024-8530

CVSS Score

5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Vendors

Schneider Electric

Affected Products

EcoStruxure Data Center Expert

Vulnerability Details

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of log files. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise.

Additional Details

https://www.cisa.gov/news-events/ics-advisories/icsa-24-289-02
https://community.se.com/t5/Data-Center-Expert-release-notes/EcoStruxure-IT-Data-Center-Expert-8-2-0-release-notes/ta-p/463789


Disclosure Timeline

  • 2024-07-16 - Vulnerability reported to vendor
  • 2024-10-17 - Coordinated public release of advisory
  • 2024-10-18 - Advisory Updated

Credit

Anonymous

Back to Advisories

Hero Background

Stand at the front line of proactive security

Trend ZDI connects the experts who discover, remediate, and defend.
Add your voice to the work that pushes attackers back.