By vendor
Schneider-Electric vulnerabilities
Known CVEs affecting Schneider-Electric products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-8045MEDIUM 6.5
A vulnerability in Schneider Electric's StruxureWare Data Center Expert allows authenticated users with Data Center Expert account privileges to disclose sensitive files from the server by submitting malicious XML files to SOAP service endpoints. The vulnerability exploits improper handling of XML external entities (XXE), a well-known attack vector that lets attackers reference external files and retrieve their contents. An attacker must have valid Data Center Expert credentials to exploit this—it is not remotely exploitable by unauthenticated users.