Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

Vulnerability Details Affected Vendor: Schneider Electric Affected Product: EcoStruxure IT Data Center Expert Affected Version: 8.3 and prior Platform: CentOS CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2025-6438 Vulnerability Description The "DataExchange" route allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Technical Description From an authenticated perspective a user can send SOAP requests to the "/DataExchange/DataExchangeService" web route, providing an XML document in the POST body. When the web application processes the XML it will insecurely resolve entities that reference external resources, such as local files. The "GetHistoryRequest" SOAP action can be utilized to exfiltrate the resolved value by placing the entity reference within the XML document's "Id" parameter. The resulting error message reflects the value of the resolved entity, such as contents of a local file. Mitigation and Remediation Recommendation Version 9.0 of EcoStruxure IT Data Center Expert includes fixes for these vulnerabilities and is available upon request from Schneider Electric's Customer Care Center. Refer to …Read More