Schneider Electric’s Shocking Security Slip: Privilege Escalation Alert!
Attention IT experts! Schneider Electric’s EcoStruxure IT Data Center Expert is experiencing a privilege escalation issue. The Charon executable can help attackers channel their inner hacker, granting them unauthorized root access. Time to patch up and prevent your data center from becoming a cyber playground!
Hot Take:
Oh Schneider Electric, you had one job: keep those pesky hackers out of the data center! But alas, it seems your EcoStruxure IT Data Center Expert has turned into an ‘EcoStruxure IT Data Center Amateur’. Low-privileged users can now waltz their way to becoming the king of the root castle, thanks to the Charon executable. Maybe it’s time to hire a new gatekeeper, eh?
Key Points:
- Schneider Electric’s EcoStruxure IT Data Center Expert version 8.3 and prior are affected by a privilege escalation vulnerability.
- The Charon executable allows low-privileged users to obtain root privileges by manipulating service start and stop commands.
- The vulnerability is identified under CVE-2025-50124 and is classified as CWE-266: Incorrect Privilege Assignment.
- A patch is available in version 9.0, accessible through Schneider Electric’s Customer Care Center.
- This vulnerability was discovered by KoreLogic’s dynamic duo, Jaggar Henry and Jim Becher.
Already a member? Log in here