StruxureWare Data Center Expert

2017: Vulnerability in StruxureWare Data Center Expert is detected

On January 31, 2017 the Positive Technologies company announced detection of vulnerability in the Schneider Electric StruxureWare Data Center Expert system. The expert Ilya Karpov detected vulnerability.

Ilya Karpov, the expert of Positive Technologies company, revealed critical vulnerability in the Schneider Electric StruxureWare Data Center Expert system intended for monitoring of physical infrastructure in data processing centers. Using this product banks, media corporations, chipmakers, insurers, the medical centers and the companies of other industries control work of the DPCs.

The detected vulnerability^[1]received assessment 7.6 on CVSS v3 scale. The high level of danger is connected with a possibility of receiving remote access to the sensitive information which is contained in the life support systems of data center connected to StruxureWare Data Center Expert. Attacking can consider passwords from RAM of this platform on client side where they get in open form.

Using this gap, the malefactor can get into internal network of data center, catch confidential information or arrange accident. Platforms of infrastructure management of data center (Data Center Infrastructure Management, DCIM) allow to control all business activities of data center therefore such vulnerability threatens operability of the crucial equipment of DPC: video surveillance systems and fire extinguishing, generators, switches, pump stations, control blocks with engines, uninterruptible power supply units, precision cooling systems. Ilya Karpov, head of research and audit of industrial management systems of Positive Technologies

Specialists of Schneider Electric recommend to users of StruxureWare Data Center Expert to set the adjusting updates as soon as possible.

2014: StruxureWare Data Center Expert

StruxureWare Data Center Expert is a control system of the physical infrastructure of the company consisting of the equipment of different producers and including electric power supply systems, coolings, security and control of the environment.

Users can address the centralized StruxureWare Data Center Expert base from any point of network, receiving a uniform picture about a status of physical infrastructure. The architecture allows scaling according to business needs - acquisition of licenses for additional devices, different modules:

• observations,
• resource managements of DPC,
• change management and integration with enterprise management systems and the building.

Advantages

• Possibility of adaptation
  • Add-on interface unit of Modbus-TCP - Data integration and the selected events from the devices controlled by StruxureWare Data Center Expert in the operating management systems for the building through an Ethernet network.
  • Scalable architecture - License keys on connection of additional devices allow to expand possibilities of the platform, providing its growth according to change of business needs.
  • Integration into the InfraStruXure Management applications - Software modules of StruxureWare Data Center Operation provide a combination of energy efficiency, predictive planning and management of DPC in real time.
  • Additional application of video surveillance - The improved possibilities of visual control of the crucial equipment and management of physical threats for monitoring and record of any actions in the protected zone. The central storage system allows to browse, perform search and to mark records of a video surveillance system for the subsequent use.
  • Programming interface of web services - Ability to integrate data and events of StruxureWare Data Center Expert into the existing IT applications and tools supporting service calls via the Web interface.

• Flexibility
  • Automatic detection - Reduction of time necessary on installation and deployment of devices of physical infrastructure due to automatic detection of devices in network.
  • the Configured appointment - the Fast identification of problem devices provided with application of the user backgrounds selected by the user of icons and their placements using technology of drag and drop (drag-and-drop device) allows to minimize a downtime, number of wrong actions and expenses.
  • Mass setup - Provides extensive opportunities of mass setup, allowing to create, save and extend configurations or installations of specific parameters to the similar APC devices equipped with the card of network management.
  • Bulk update of the built-in software - Simplification and reduction of time of setup of the managed devices due to simultaneous updating of the built-in software in several APC devices.
  • Private networks - Reduction of need for the IP addresses of a public service network for device management, due to their transfer in the isolated protected network.

• Readiness
  • the Centralized node of storage of the registered events - Access to the warning messages which arrived from different devices and registered in the general database. Sorting of warning messages according to type, date, devices and/or group of devices.
  • Special reports - Creation, preserving and planning of the reports determined by the user for easy collecting, distribution and data analysis.
  • Graphical analysis of trends - Access to the continuous and contemporary records of any device or group of devices. Creation of diagrams and charts of change of the different parameters showing logical relationships with potentially dangerous trends.
  • the Integrated data storage device - StruxureWare Data Center Expert has the built-in data warehouse and a video information. For long-term archived data storage it is possible to use the additional storage system constructed on the NAS server.
  • the Localized user interface - Is provided the localized user interface, including warning messages and their descriptions in 10 languages.

• Controllability
  • Centralized operation - Simple management of physical infrastructure of DPC using the centralized database available from any point of network through the powerful and console application easy in use.
  • Notification on fault emergence - The notification on events in real time allows to reduce terms of reaction to critical change of physical infrastructure. Allow IT administrators to reduce mean repair time, to improve efficiency and to increase error-free running time.
  • Support of devices of different producers - Broad support of SNMP devices of different producers. A possibility of the visualization of a status of SNMP devices using notifications on achievement of threshold value, the analysis of trends and creation of reports.
  • functioning Control in real time - Visual display of a current status of all physical infrastructure using the centralized system of control and the notification in real time which is timely providing necessary information on the taking place events.
  • the Integrated console - the Configured client applications under Windows and Linux provide instant access to the StruxureWare Data Center Expert application from any point of network.

• Protection
  • Setup of access for users - Providing powers of access and viewing data to separate user groups. Access control to devices using the accounts of users determined by the network administrator. Additional access for users can be organized using the built-in facilitated protocol of access of LDAP and Active Directory Support.

• Communication enciphering - Data protection is provided due to 128-bit enciphering according to the SSL standard of the messages transferred on the communication line between the client and the server. Besides, the ciphered identifiers and passwords which are stored on the server are applied to protection.
  • Support of remote control - the Service on the basis of the web interface gives to the customer "the second pair of eyes" monitoring a status of physical infrastructure. Experienced specialists continuously monitor the equipment 24 hours a day and help to reveal problems before they lead to critical effects.

Notes