Schneider Electric Easergy MiCOM C264
cpe:2.3:h:schneider-electric:micom_c264:*:*:*:*:*:*:*
- >= D6, <= D6.999999
- ~D7.33
A vulnerability caused by insufficient entropy exists in various Schneider Electric products and could lead to unauthorized access. It is exploitable by an attacker on the network who takes advantage of weaknesses in session management protections. Affected products, across several versions and version ranges, include the Easergy C5, Easergy MiCOM P30, Easergy MiCOM P40, Easergy MiCOM C264, EcoStruxure Power Automation System Gateway (EPAS-GTW), EcoStruxure Power Automation System User Interface (EPAS-UI), EcoStruxure Power Operation, PowerLogic P5, PowerLogic P7, PowerLogic T300, PowerLogic T500, Saitel DP, and EasyLogic T150.
Exploitation of this vulnerability could lead to session hijacking, allowing malicious actors to perform unauthorized operations within the affected system.
Users can update to the latest versions of the affected products. For specific version details, refer to the Schneider Electric Security Notification SEVD-2026-132-02. After updating, a reboot is required to complete the process. If updating is not possible, apply the recommended mitigations, such as ensuring the device operates within a segmented internal network and reducing session timeout durations.