Schneider Electric Data Center Expert


By the Year

In 2026 there has been 1 vulnerability in Schneider Electric Data Center Expert. Last year, in 2025, Data Center Expert had 6 security vulnerabilities published. Right now, Data Center Expert is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 1 0.00
2025 6 0.00
2024 0 0.00
2023 4 9.55

It may take a day or so for new Data Center Expert vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Schneider Electric Data Center Expert Security Vulnerabilities

Hardcoded Credentials in Schneider Proxy Enable Remote Code Execution
CVE-2025-13957 - March 10, 2026

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.

Use of Hard-coded Credentials

Setup Script PrivEsc Vulnerability (CVE-2025-50124)
CVE-2025-50124 - July 11, 2025

A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script.

Improper Privilege Management

SSRF in Unknown Service Enables UAC RCE
CVE-2025-50125 - July 11, 2025

A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.

SSRF

OS Command Injection via Web Interface Folder Creation RCE
CVE-2025-50121 - July 11, 2025

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default.

Shell injection

Insufficient Entropy in Root Password Generation Enables Discovery
CVE-2025-50122 - July 11, 2025

A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.

Insufficient Entropy

CWE-94: Hostname Code Injection Enables Remote Command Exec
CVE-2025-50123 - July 11, 2025

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input.

Code Injection

Improper XXE in SOAP API Allows Unauthorized File Access
CVE-2025-6438 - July 11, 2025

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account.

XXE

Data Center Expert <7.9.0: Deserialization RCE CVE-2022-32521
CVE-2022-32521 8.8 - High - January 30, 2023

A CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Marshaling, Unmarshaling

Citrix Data Center Expert <7.9.0: Insufficiently Protected Credentials (CWE-522)
CVE-2022-32520 9.8 - Critical - January 30, 2023

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Insufficiently Protected Credentials

Storing Passwords in Recoverable Format: Data Center Expert <7.9.0 Vulnerability
CVE-2022-32519 9.8 - Critical - January 30, 2023

A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Insufficiently Protected Credentials

Data Center Expert <7.9.0 Credential Leak (CWE-522)
CVE-2022-32518 9.8 - Critical - January 30, 2023

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Insufficiently Protected Credentials
