View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data Centre
January 31, 2017updated 13 Jul 2022 4:59am

Security vulnerability found in Schneider Electric data centre software

Schneider Electric StruxureWare Data Centre Expert versions 7.3.1 and earlier found with critical vulnerability fault.

By Hannah Williams

A critical vulnerability has been found in Schneider Electric’s StruxureWare Data Centre Expert which could potentially allow an outsider to obtain remote access to sensitive information such as passwords.

Potentially putting banks, insurers, medical centres and other users of StruxureWare Data Centre at risk, Schneider has issued a patch for the vulnerability and has urged all installations of the software to be upgraded to version 7.4.

The vulnerability found in StruxtureWare Data Centre, which is designed to monitor physical infrastructure, was rated 7.6 on the CVSS v3 scale. This high score reflects the ability of an outsider to obtain remote access to sensitive information found in critical data center support systems that are connected to StruxureWare Data Center Expert. An attacker can recover passwords from RAM on the client side of the platform, where they are held in unencrypted form.

IIya Karpov, Head of the ICS Research and Audit Unit at Positive Technologies, the company that discovered the vulnerability, said: “A vulnerability such as this threatens the functioning of critical systems on which data centres depend: video surveillance, fire suppression, backup generators and generator control units, switches, pumps, UPS systems, and precision cooling.”

Positive Technologies researchers previously uncovered vulnerabilities in Schneider Electric Wonderware Information Server in 2013 and 2014.

Karpov added: “A hacker could use this flaw to penetrate the internal network at a data centre, obtain confidential information, or even cause physical harm.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.