8.2
CVE-2026-6866
- EPSS 0.29%
- Veröffentlicht 12.05.2026 13:59:33
- Zuletzt bearbeitet 24.06.2026 15:17:05
- Quelle cybersecurity@se.com
- CVE-Watchlists
- Unerledigt
Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Ecostruxure Panel Server Pas400 Firmware Version < 002.006.000
Schneider-electric ≫ Ecostruxure Panel Server Pas600 Firmware Version < 002.006.000
Schneider-electric ≫ Ecostruxure Panel Server Pas600v2 Firmware Version < 002.006.000
Schneider-electric ≫ Ecostruxure Panel Server Pas800 Firmware Version < 002.006.000
Schneider-electric ≫ Ecostruxure Panel Server Pas800v2 Firmware Version < 002.006.000
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.208 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| cybersecurity@se.com | 8.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-04.pdf