8.7

CVE-2026-4827

Insufficient Entropy vulnerability on Multiple Products

CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSchneider Electric
Produkt Easergy MiCOM C264
Default Statusunaffected
Version Versions D6.x
Status affected
Version Versions D7.33 and prior
Status affected
HerstellerSchneider Electric
Produkt Easergy C5
Default Statusunaffected
Version Version 1.1.17 and prior
Status affected
HerstellerSchneider Electric
Produkt Easergy MiCOM P30
Default Statusunaffected
Version P139 version prior to P139.678.700
Status affected
Version P437 version prior to P437.678.700
Status affected
Version P439 version prior to P439.678.700
Status affected
Version P532 version prior to P532.678.700
Status affected
Version P539 version prior to P539.678.700
Status affected
Version P631 version prior to P631.678.700
Status affected
Version P632 version prior to P632.678.700
Status affected
Version P633 version prior to P633.678.700
Status affected
Version P634 version prior to P634.678.700
Status affected
Version P633 version P633.680.700 only
Status affected
Version P634 version P634.680.700 only
Status affected
Version P138 version prior to P138.677.700
Status affected
Version P436 version prior to P436.677.701
Status affected
Version P438 version prior to P438.677.701
Status affected
Version P638 version prior to P638.677.700
Status affected
Version C434 version prior to C434.679.700
Status affected
HerstellerSchneider Electric
Produkt Easergy MiCOM P40
Default Statusunaffected
Version Series model numbers with Protocol Option bit as G, H or L and all firmware versions
Status affected
HerstellerSchneider Electric
Produkt EcoStruxure™ Power Automation System Gateway (EPAS-GTW)
Default Statusunaffected
Version Version 6.4.616.200.100 and prior
Status affected
HerstellerSchneider Electric
Produkt EcoStruxure™ Power Automation System User Interface (EPAS-UI)
Default Statusunaffected
Version Version 3.0.3 and prior
Status affected
HerstellerSchneider Electric
Produkt EcoStruxure™ Power Operation
Default Statusunaffected
Version Version 2022 CU6 and prior
Status affected
Version Version 2024 CU2 and prior
Status affected
HerstellerSchneider Electric
Produkt iPMFLS
Default Statusunaffected
Version Version 64.2025.0.13 and prior
Status affected
HerstellerSchneider Electric
Produkt PowerLogic™ P5 Protection Relay
Default Statusunaffected
Version V02.502.103 and prior
Status affected
HerstellerSchneider Electric
Produkt PowerLogic™ P7 Protection and Control Platform
Default Statusunaffected
Version V02.002.002 and prior
Status affected
HerstellerSchneider Electric
Produkt PowerLogic™ T300
Default Statusunaffected
Version Version 2.9.4 and prior
Status affected
HerstellerSchneider Electric
Produkt PowerLogic™ T500
Default Statusunaffected
Version Version 11.08.02 and prior
Status affected
HerstellerSchneider Electric
Produkt Saitel DP
Default Statusunaffected
Version Version 11.06.36 and prior
Status affected
HerstellerSchneider Electric
Produkt EasyLogic T150 (formerly Saitel DR)
Default Statusunaffected
Version Version 11.06.30 and prior
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.156
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cybersecurity@se.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.