6.7
CVE-2026-9651
- EPSS 0.11%
- Veröffentlicht 25.06.2026 14:47:24
- Zuletzt bearbeitet 25.06.2026 19:10:00
- Quelle cybersecurity@se.com
- CVE-Watchlists
- Unerledigt
CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSchneider Electric
≫
Produkt
EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller
Default Statusunaffected
Version
Version 11.06.31 and prior
Status
affected
HerstellerSchneider Electric
≫
Produkt
Saitel DP Remote Terminal Unit & Controller
Default Statusunaffected
Version
Version 11.06.37 and prior
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.013 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cybersecurity@se.com | 6.7 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf