CVE-2026-8045

N/A

View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that col...

Affects 0 products across 1 vendor.

CVSS v47.1
EPSS0.2%
Percentile14th
PatchUnknown
CWE Weakness Definitions
CWE-611: CWE-611
◆ SAGE Intelligence — CITED Relevance Research Team

Schneider Electric Data Center Expert (DCE) contains an XML External Entity (XXE) injection vulnerability in its SOAP service endpoints, allowing an authenticated attacker to read arbitrary server-side files. An adversary with a valid DCE user account can craft malicious XML payloads to exfiltrate sensitive configuration files, credentials, or infrastructure data from the management server. In OT environments where DCE is used to monitor power and cooling infrastructure (UPS, PDUs, thermal systems), successful exploitation could expose credentials and network topology used to pivot deeper into critical facility operations.

Is this CVE in your environment?

BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.

Check My Environment →
Frequently Asked Questions
What is CVE-2026-8045?
Schneider Electric Data Center Expert (DCE) contains an XML External Entity (XXE) injection vulnerability in its SOAP service endpoints, allowing an authenticated attacker to read arbitrary server-side files. An adversary with a valid DCE user account can craft malicious XML payloads to exfiltrate sensitive configuration files, credentials, or infrastructure data from the management server. In OT environments where DCE is used to monitor power and cooling infrastructure (UPS, PDUs, thermal syste
Is CVE-2026-8045 actively exploited?
No confirmed active exploitation of CVE-2026-8045 as of 2026-07-01.
How do I remediate CVE-2026-8045?
Patch details not yet published. Monitor Schneider Electric Security Notification portal for official advisory and fixed version. Expected remediation involves disabling XML external entity processing in the DCE SOAP service XML parser. Advisory: https://www.se.com/en/work/support/cybersecurity/security-notifications.jsp
What systems are affected by CVE-2026-8045?
CVE-2026-8045 affects: Schneider-Electric.
Vulnerability Details
CVE IDCVE-2026-8045
Published2026-06-30
Last Modified2026-06-30
ICS Relevance55%
Weakness (CWE)
SourceNVD
Official Description

View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The following versions of Schneider Electric EcoStruxure IT Data Center Expert are affected: EcoStruxure IT Data Ce

Source: NIST NVD / MITRE CVE Database

Affected Products
VendorProductFixed Version
Schneider-Electric —
Remediation

Patch details not yet published. Monitor Schneider Electric Security Notification portal for official advisory and fixed version. Expected remediation involves disabling XML external entity processing in the DCE SOAP service XML parser.

View Vendor Advisory →
Threat Intelligence
● Threat Intelligence Validated: July 2026 | Threat Age: 12 Days
CISA KEVNot in KEV catalog
Public ExploitNot confirmed
PoC CodeNot confirmed
● Virtual Patch — CITED Relevance SAGE Engine MEDIUM CONFIDENCE

Deploy the Suricata/Snort rule on the network TAP or inline IPS at the perimeter of the management VLAN hosting DCE servers. Block any HTTP/HTTPS POST requests containing DOCTYPE or ENTITY declarations targeting DCE SOAP endpoints (typically /services/* or /soap/* URI paths on TCP 443 or 8080). Additionally, configure a WAF rule to reject XML payloads containing '<!ENTITY' or '<!DOCTYPE' strings inbound to DCE. Restrict source IPs to a defined allowlist of management workstations at the firewall level.

No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.

Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.

Related CVEs affecting Schneider-Electric
CVE-2020-11897 10.0 The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multipl... CVE-2014-0754 10.0 Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modic... CVE-2013-0657 10.0 Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA... CVE-2011-4861 10.0 The modbus_125_handler function in the Schneider Electric Quantum Ethernet Mo... CVE-2014-9198 10.0 The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with...
View all Schneider-Electric CVEs →

ICS/OT Vulnerability Intelligence for Your Environment

BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.

Join free →