Vulnerability in Schneider Electric Easergy C5
CVE-2026-4827
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
EPSS: 0.001 (20.6th percentile) — read the EPSS interpretation.
Affected products
- Schneider Electric Easergy C5 — versions Version 1.1.17 and prior
- Schneider Electric Easergy Micom C264 — versions Versions D6.x, Versions D7.33 and prior, Versions D6.x all versions
- Schneider Electric Easergy Micom P30 — versions P436 version prior to P436.677.701, P539 version prior to P539.678.700, Easergy MiCOM P532 version prior to P532.678.700
- Schneider Electric Easergy Micom P40 — versions P_ 4_ _ _ _ _ L _ _ _ _ _ L, P_ 4_ _ _ _ _ H_ _ _ _ _ L, P_ 4_ _ _ _ _ L _ _ _ _ _ M
- Schneider Electric Easylogic T150 (Formerly Saitel Dr) — versions Version 11.06.30 and prior
- Schneider Electric Ecostruxure Power Automation System User Interface (Epas-ui) — versions Version 3.0.3 and prior
- Schneider Electric Ecostruxure™ Power Automation System Gateway (Epas-gtw) — versions Version 6.4.616.200.100 and prior
- Schneider Electric Ecostruxure™ Power Automation System User Interface (Epas-ui) — versions Version 3.0.3 and prior
- Schneider Electric Ecostruxure™ Power Operation — versions Version 2022 CU6 and prior, Version 2024 CU2 and prior
- Schneider Electric Ipmfls — versions Version 64.2025.0.13 and prior