CVE-2026-8045
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that col...
Affects 0 products across 1 vendor.
Schneider Electric Data Center Expert (DCE) contains an XML External Entity (XXE) injection vulnerability in its SOAP service endpoints, allowing an authenticated attacker to read arbitrary server-side files. An adversary with a valid DCE user account can craft malicious XML payloads to exfiltrate sensitive configuration files, credentials, or infrastructure data from the management server. In OT environments where DCE is used to monitor power and cooling infrastructure (UPS, PDUs, thermal systems), successful exploitation could expose credentials and network topology used to pivot deeper into critical facility operations.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2026-8045?
Is CVE-2026-8045 actively exploited?
How do I remediate CVE-2026-8045?
What systems are affected by CVE-2026-8045?
| CVE ID | CVE-2026-8045 |
|---|---|
| Published | 2026-06-30 |
| Last Modified | 2026-06-30 |
| ICS Relevance | 55% |
| Weakness (CWE) | |
| Source | NVD |
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The following versions of Schneider Electric EcoStruxure IT Data Center Expert are affected: EcoStruxure IT Data Ce
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Schneider-Electric | — | — |
Patch details not yet published. Monitor Schneider Electric Security Notification portal for official advisory and fixed version. Expected remediation involves disabling XML external entity processing in the DCE SOAP service XML parser.
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy the Suricata/Snort rule on the network TAP or inline IPS at the perimeter of the management VLAN hosting DCE servers. Block any HTTP/HTTPS POST requests containing DOCTYPE or ENTITY declarations targeting DCE SOAP endpoints (typically /services/* or /soap/* URI paths on TCP 443 or 8080). Additionally, configure a WAF rule to reject XML payloads containing '<!ENTITY' or '<!DOCTYPE' strings inbound to DCE. Restrict source IPs to a defined allowlist of management workstations at the firewall level.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →