PatchSiren cyber security CVE debrief
CVE-2025-13957 Schneider Electric CVE debrief
Schneider Electric disclosed CVE-2025-13957 on 2026-03-10, with a CISA republication update on 2026-03-17. The issue affects EcoStruxure IT Data Center Expert versions through 9.0, while v9.1 includes the fix. According to the advisory, the risk is tied to hard-coded credentials and becomes more serious when SOCKS Proxy is enabled and an attacker also knows administrator and PostgreSQL database credentials. The vendor and CISA both note that SOCKS Proxy is disabled by default, which reduces exposure, but the vulnerability is still rated High.
- Vendor: Schneider Electric
- Product: EcoStruxure IT Data Center Expert
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-17
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-17
Who should care
Administrators and security teams responsible for Schneider Electric EcoStruxure IT Data Center Expert deployments, especially environments still running versions 9.0 or earlier, or any instance where SOCKS Proxy has been enabled. Asset owners using the product in operational or industrial environments should prioritize this advisory.
Technical summary
The advisory describes a hard-coded credentials weakness. If SOCKS Proxy is enabled and the attacker has administrator credentials plus PostgreSQL database credentials, the issue may lead to information disclosure and remote code execution. The source notes that SOCKS Proxy is disabled by default. The advisory’s stated severity is CVSS v4.0 7.5 High, while the supplied record also contains a CVSS 3.1 vector and a separate cvssScore value of 7.2; the advisory text should be treated as the primary severity statement.
Defensive priority
High. Update to EcoStruxure IT Data Center Expert v9.1 as soon as practical. If immediate upgrading is not possible, verify that SOCKS Proxy remains disabled and harden the deployment using Schneider Electric’s Security Handbook and CISA industrial control system defensive guidance.
Recommended defensive actions
- Upgrade Schneider Electric EcoStruxure IT Data Center Expert to v9.1, which the vendor identifies as containing the fix.
- Confirm SOCKS Proxy is disabled on all affected deployments and keep it disabled unless there is a documented operational need.
- Review and harden the DCE instance using Schneider Electric’s EcoStruxure IT Data Center Expert Security Handbook.
- Validate administrator and PostgreSQL credential hygiene, including rotation where policy or exposure warrants it.
- Use CISA industrial control system recommended practices to reduce attack surface and improve monitoring.
- Track vendor and CISA advisory updates for any revised remediation guidance or affected-version clarification.
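The actions above boil down to a simple triage rule per instance: anything below v9.1 needs the upgrade, and an affected instance with SOCKS Proxy enabled should be handled first. The script below is an added example, not code from Schneider Electric, CISA or PatchSiren. It assumes a hypothetical asset-inventory export with the fields host, version and socks_proxy_enabled (adapt the names to your own CMDB or export), parses DCE version strings into comparable tuples, and sorts a constructed sample inventory into priority buckets that follow the advisory's order of mitigation.

```python
"""Triage an inventory of EcoStruxure IT Data Center Expert (DCE) instances
against the CVE-2025-13957 conditions stated in the advisory:
affected = versions through 9.0 (fixed in v9.1); exposure is higher
when SOCKS Proxy is enabled (it is disabled by default)."""
from dataclasses import dataclass

FIXED_VERSION = (9, 1)  # per the advisory, v9.1 contains the fix


@dataclass
class DceInstance:
    # Field names are hypothetical; map them to your inventory export.
    host: str
    version: str
    socks_proxy_enabled: bool


def parse_version(text: str) -> tuple:
    """Turn '9.0', 'v9.0.2' or '9.1.0' into a comparable integer tuple.
    A non-numeric suffix such as '9.0-hotfix1' is dropped from its component."""
    text = text.strip().lstrip("vV")
    parts = []
    for component in text.split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True for any release below v9.1, i.e. 'versions through 9.0'.
    Tuple comparison handles differing lengths: (9, 1, 0) is not below (9, 1)."""
    return parse_version(version) < FIXED_VERSION


def triage(inst: DceInstance) -> str:
    """Map one instance to a priority bucket that mirrors the advisory's
    mitigation order: upgrade first, keep SOCKS Proxy disabled meanwhile."""
    if not is_affected(inst.version):
        return "OK: fixed version; no action for this CVE"
    if inst.socks_proxy_enabled:
        return "P1: affected version with SOCKS Proxy enabled; disable it and upgrade to v9.1 now"
    return "P2: affected version, SOCKS Proxy disabled; schedule upgrade to v9.1"


def triage_inventory(instances) -> dict:
    """Return {host: verdict}, ordered P1, P2, OK so the riskiest hosts lead."""
    rank = {"P1": 0, "P2": 1, "OK": 2}
    verdicts = {i.host: triage(i) for i in instances}
    return dict(sorted(verdicts.items(), key=lambda kv: rank[kv[1][:2]]))


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    DceInstance("dce-site-a.example", "9.0", socks_proxy_enabled=True),
    DceInstance("dce-site-b.example", "v9.0.2", socks_proxy_enabled=False),
    DceInstance("dce-site-c.example", "9.1", socks_proxy_enabled=False),
    DceInstance("dce-lab.example", "8.4.1", socks_proxy_enabled=False),
]

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:22} {verdict}")
```

Feed it your real export in place of SAMPLE_INVENTORY and the P1 rows are the hosts to check against the "SOCKS Proxy disabled by default" assumption; a P1 result means that assumption does not hold there and the upgrade should not wait.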
Evidence notes
Primary evidence comes from the CISA-republished CSAF advisory ICSA-26-076-03 for Schneider Electric EcoStruxure IT Data Center Expert and the linked Schneider Electric SEVD-2026-069-05 advisory materials. The source states that the vulnerability is a hard-coded credentials issue, that SOCKS Proxy is disabled by default, that v9.1 contains the fix, and that the issue can lead to information disclosure and remote code execution under the stated conditions. The timeline provided with this record places disclosure on 2026-03-10 and republication on 2026-03-17.
Official resources
- CVE-2025-13957 CVE record (CVE.org)
- CVE-2025-13957 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the source advisory on 2026-03-10, with a CISA republication update on 2026-03-17. SOCKS Proxy is noted as disabled by default in the advisory.