HIGH · CVE-2026-4827 · Published · Modified · CNA: schneider
CVE-2026-4827: Insufficient Entropy vulnerability on Multiple Products
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 14
Affected packages
- Schneider Electric / Easergy MiCOM C264: Versions D6.x · Versions D7.33 and prior
- Schneider Electric / Easergy C5: Version 1.1.17 and prior
- Schneider Electric / Easergy MiCOM P30: P139 version prior to P139.678.700 · P437 version prior to P437.678.700 · P439 version prior to P439.678.700 · P532 version prior to P532.678.700 · P539 version prior to P539.678.700 · P631 version prior to P631.678.700
- Schneider Electric / Easergy MiCOM P40: Series model numbers with Protocol Option bit as G, H or L and all firmware versions
- Schneider Electric / EcoStruxure™ Power Automation System Gateway (EPAS-GTW): Version 6.4.616.200.100 and prior
- Schneider Electric / EcoStruxure™ Power Automation System User Interface (EPAS-UI): Version 3.0.3 and prior
- Schneider Electric / EcoStruxure™ Power Operation: Version 2022 CU6 and prior · Version 2024 CU2 and prior
- Schneider Electric / iPMFLS: Version 64.2025.0.13 and prior
- Schneider Electric / PowerLogic™ P5 Protection Relay: V02.502.103 and prior
- Schneider Electric / PowerLogic™ P7 Protection and Control Platform: V02.002.002 and prior
- Schneider Electric / PowerLogic™ T300: Version 2.9.4 and prior
- Schneider Electric / PowerLogic™ T500: Version 11.08.02 and prior
- Schneider Electric / Saitel DP: Version 11.06.36 and prior
- Schneider Electric / EasyLogic T150 (formerly Saitel DR): Version 11.06.30 and prior
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
References