Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
AnalysisAI
Schneider Electric Easergy MiCOM protective relays contain hard-coded SNMP credentials that allow unauthenticated remote attackers to access sensitive device information and system configurations. An attacker can directly query the SNMP port (UDP 161) without authentication to retrieve operational data, relay status, and device parameters. This vulnerability affects 12 product lines across multiple versions and is classified as an authentication bypass with a CVSS 6.9 (medium-to-high confidentiality impact).
Technical ContextAI
The vulnerability stems from CWE-798 (Use of Hard-coded Credentials), a well-known weakness where authentication secrets are embedded in firmware or software rather than dynamically managed. Schneider Electric's Easergy MiCOM line are industrial protective relays-microprocessor-based devices used in electrical substations and power distribution networks to detect faults and trip circuit breakers. These devices expose SNMP (Simple Network Management Protocol) interfaces for remote monitoring and diagnostics. SNMP communities (akin to passwords) control access to Management Information Base (MIB) objects, but when credentials are hard-coded, any network-accessible device becomes readable to any attacker who can reach UDP port 161. The CVSS vector (AV:N/AC:L/PR:N) confirms network-based unauthenticated access with low attack complexity-the attacker only needs network connectivity and a standard SNMP client tool. The VC:L rating indicates confidentiality loss is limited (sensitive device data, not full system compromise), but in critical infrastructure contexts, even partial data disclosure can enable reconnaissance for follow-on attacks.
RemediationAI
Immediately upgrade all affected Easergy MiCOM relays to the minimum patched firmware versions specified by product line: P14x to B4A or later, P24x to D3A or later, P341 to E3F or later, P342/P343/P344/P345 to B3F or later, P442/P444 to E3A or later, P443/P445/P446/P543/P544/P545/P546 to H6A or later, P642/P645 to B4A or later, P643 to B3F or later, P741/P742/P743 to B2A or later, P746 to B4E or C4E or later, P841 to G6A or later, and P849 to B4A or later. As an interim workaround pending firmware updates, implement network access controls to restrict SNMP traffic to the MiCOM relays: use firewall rules to block UDP port 161 from untrusted networks, segment relay networks from general IT infrastructure, and monitor for unauthorized SNMP queries. Consult Schneider Electric SEVD-2026-104-03 for detailed upgrade procedures and firmware availability for each product line.
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22310