← volver
CVE-2026-4827

Insufficient Entropy vulnerability on Multiple Products

CVSS 8.7 HIGHEPSS 0.3%CWE-331
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Productos afectados
Schneider Electric · Easergy C5Schneider Electric · Easergy MiCOM C264Schneider Electric · Easergy MiCOM P30Schneider Electric · Easergy MiCOM P40Schneider Electric · EasyLogic T150 (formerly Saitel DR)Schneider Electric · EcoStruxure™ Power Automation System Gateway (EPAS-GTW)Schneider Electric · EcoStruxure™ Power Automation System User Interface (EPAS-UI)Schneider Electric · EcoStruxure™ Power OperationSchneider Electric · iPMFLSSchneider Electric · PowerLogic™ P5 Protection RelaySchneider Electric · PowerLogic™ P7 Protection and Control PlatformSchneider Electric · PowerLogic™ T300Schneider Electric · PowerLogic™ T500Schneider Electric · Saitel DP

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-02.pdf