CVE-2026-9650

Summary

CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & ControllerVersion 11.06.30 and prioraffected
Schneider ElectricSaitel DP Remote Terminal Unit & ControllerVersion 11.06.35 and prioraffected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References