Schneider Electric EcoStruxure DCE: Hard-Coded Credentials
🔒 Schneider Electric disclosed a hard‑coded credentials vulnerability in EcoStruxure IT Data Center Expert (DCE) that can lead to information disclosure and remote compromise when the SOCKS Proxy feature is enabled. Exploitation requires administrative access plus knowledge of PostgreSQL credentials; SOCKS Proxy is disabled by default. The issue is tracked as CVE‑2025‑13957 with a CVSS v3.1 base score of 7.2. Administrators should apply vendor updates or implement interim mitigations per the vendor handbook.
