CVE-2026-4832

Summary

CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEasergy MiCOM P14xAll versions prior to B4Aaffected
Schneider ElectricEasergy MiCOM P24xAll versions prior to D3Aaffected
Schneider ElectricEasergy MiCOM P341All versions prior to E3Faffected
Schneider ElectricEasergy MiCOM P342, P343, P344, P345All versions prior to B3Faffected
Schneider ElectricEasergy MiCOM P442, P444All versions prior to E3Aaffected
Schneider ElectricEasergy MiCOM P443, P445, P446, P543, P544, P545, P546All versions prior to H6Aaffected
Schneider ElectricEasergy MiCOM P642, P645All versions prior to B4Aaffected
Schneider ElectricEasergy MiCOM P643All versions prior to B3Faffected
Schneider ElectricEasergy MiCOM P741, P742, P743All versions prior to B2Aaffected
Schneider ElectricEasergy MiCOM P746All versions prior to B4E or C4Eaffected
Schneider ElectricEasergy MiCOM P841All versions prior to G6Aaffected
Schneider ElectricEasergy MiCOM P849All versions prior to B4Aaffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-Coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References