HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-8045Published Modified CNA schneider

CVE-2026-8045: CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.

Metrics

CVSS v4.0
7.1
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An XML External Entity (XXE) injection vulnerability exists in Schneider Electric EcoStruxure IT Data Center Expert (versions 9.1.1 and prior). An attacker who holds a valid Data Center Expert user account can send crafted XML payloads to the product's SOAP service endpoints over the network, causing the server to parse and return the contents of files from its own filesystem. Successful exploitation reads arbitrary server-side files, disclosing potentially sensitive configuration or credential data. No fix version has been published yet; HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as an upstream fix is released.

HarborGuard Coverage

Detection

Detection of CVE-2026-8045 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that package EcoStruxure IT Data Center Expert components.

Available
Triage

HarborGuard scores this CVE at 7.1 HIGH using its CVSS v4.0 vector, and triage capability includes per-environment compliance policy weighting that adjusts effective priority based on each organization's risk posture, with findings routed to the appropriate team inbox within the customer org.

Available
Patch

No upstream fix version has been published for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment Schneider Electric publishes a corrected release; customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads automatically at that point.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the SOAP service endpoints over the network; the vulnerable service is exposed via standard network connectivity.

  • AuthenticationRequired

    A valid Data Center Expert user account is required; any low-privilege account is sufficient to submit crafted XML payloads.

  • Victim interactionNot required

    No victim interaction is needed; the attacker submits the malicious payload directly to the service without requiring any action from another user.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental prerequisites beyond network access and a valid account.

Blast Radius

  • The attacker reads arbitrary files from the server's filesystem, including configuration files, application settings, and potentially stored credentials.
  • Sensitive operating-system files such as password stores or private key material accessible to the application process are exposed.
  • There is no integrity or availability impact; the attacker cannot modify data or disrupt service through this vulnerability alone.
  • Disclosure is limited to files readable by the process running the SOAP service, but on a data center management platform this scope can include highly sensitive operational data.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix version currently exists for CVE-2026-8045, the platform monitors the Schneider Electric advisory on every ingest cycle and will trigger a patched-image rebuild automatically the moment a corrected version is published. In the interim, customers can use HarborGuard's network-policy controls to flag or block images running affected EcoStruxure IT Data Center Expert versions and apply compensating controls such as restricting network access to the SOAP endpoints via egress and ingress filtering rules, limiting SOAP service exposure to trusted network segments only, and auditing which accounts hold Data Center Expert user privileges to reduce the pool of potential attackers. For customers with auto-remediation enabled, a rebuild, regression-test run, and PR against affected workloads will be initiated without manual intervention once the upstream patch is available.

See how HarborGuard automates this
Affected packages
  • Schneider Electric / EcoStruxure™ IT Data Center Expert
    v9.1.1 and Prior
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References