CVE-2026-4827 PUBLISHED

Insufficient Entropy vulnerability on Multiple Products

Assigner: schneider
Reserved: 25.03.2026 Published: 12.05.2026 Updated: 12.05.2026

CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Schneider Electric
Product Easergy MiCOM C264
Versions Default: unaffected
  • Version Versions D6.x all versions is affected
  • Version Versions D7.33 and prior is affected
Vendor Schneider Electric
Product Easergy C5
Versions Default: unaffected
  • Version Version 1.1.17 and prior is affected
Vendor Schneider Electric
Product Easergy MiCOM P30
Versions Default: unaffected
  • Version Easergy MiCOM P139 version prior to P139.678.700 is affected
  • Version Easergy MiCOM P437 version prior to P437.678.700 is affected
  • Version Easergy MiCOM P439 version prior to P439.678.700 is affected
  • Version Easergy MiCOM P532 version prior to P532.678.700 is affected
  • Version Easergy MiCOM P539 version prior to P539.678.700 is affected
  • Version Easergy MiCOM P631 version prior to P631.678.700 is affected
  • Version Easergy MiCOM P632 version prior to P632.678.700 is affected
  • Version Easergy MiCOM P633 version prior to P633.678.700 is affected
  • Version Easergy MiCOM P633 version P633.680.700 only is affected
  • Version Easergy MiCOM P634 version prior to P634.678.700 is affected
  • Version Easergy MiCOM P634 version P634.680.700 only is affected
  • Version Easergy MiCOM P138 version prior to P138.677.700 is affected
  • Version Easergy MiCOM P436 version prior to P436.677.701 is affected
  • Version Easergy MiCOM P438 version prior to P438.677.701 is affected
  • Version Easergy MiCOM P638 version prior to P638.677.700 is affected
  • Version Easergy MiCOM C434 version prior to C434.679.700 is affected
Vendor Schneider Electric
Product Easergy MiCOM P40
Versions Default: unaffected
  • Version P_ 4_ _ _ _ _ G_ _ _ _ _ M is affected
  • Version P_ 4_ _ _ _ _ H_ _ _ _ _ M is affected
  • Version P_ 4_ _ _ _ _ L _ _ _ _ _ M is affected
  • Version P_ 4_ _ _ _ _ G_ _ _ _ _ L is affected
  • Version P_ 4_ _ _ _ _ H_ _ _ _ _ L is affected
  • Version P_ 4_ _ _ _ _ L _ _ _ _ _ L is affected
Vendor Schneider Electric
Product EcoStruxure™ Power Automation System Gateway (EPAS-GTW)
Versions Default: unaffected
  • Version Version 6.4.616.200.100 and prior is affected
Vendor Schneider Electric
Product EcoStruxure Power Automation System User Interface (EPAS-UI)
Versions Default: unaffected
  • Version Version 3.0.3 and prior is affected
Vendor Schneider Electric
Product EcoStruxure™ Power Operation
Versions Default: unaffected
  • Version Version 2022 CU6 and prior is affected
  • Version Version 2024 CU2 and prior is affected
Vendor Schneider Electric
Product iPMFLS
Versions Default: unaffected
  • Version Version 64.2025.0.13 and prior is affected
Vendor Schneider Electric
Product PowerLogic™ P5 Protection Relay
Versions Default: unaffected
  • Version V02.502.103 and prior is affected
Vendor Schneider Electric
Product PowerLogic™ P7 Protection and Control Platform
Versions Default: unaffected
  • Version V02.002.002 and prior is affected
Vendor Schneider Electric
Product PowerLogic™ T300
Versions Default: unaffected
  • Version Version 2.9.4 and prior is affected
Vendor Schneider Electric
Product PowerLogic™ T500
Versions Default: unaffected
  • Version Version 11.08.02 and prior is affected
Vendor Schneider Electric
Product Saitel DP
Versions Default: unaffected
  • Version Version 11.06.36 and prior is affected
Vendor Schneider Electric
Product EasyLogic T150 (formerly Saitel DR)
Versions Default: unaffected
  • Version Version 11.06.30 and prior is affected

References

Problem Types

  • CWE-331 Insufficient entropy CWE