Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Extracting credentials from firmware/system files and the stated physical-access requirement imply local proximity (AV:L), no auth (PR:N), and confidentiality-only impact (C:H, I/A:N).
Primary rating from Vendor (schneider).
CVSS VectorVendor: schneider
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device.
AnalysisAI
Credential exposure in Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units & Controllers allows an unauthenticated attacker to recover credentials that are insufficiently protected within device firmware or system files (CWE-522). The recovered credentials can then be used to fully compromise the device when the attacker also has physical access. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The credential-disclosure step requires the attacker to access credentials stored within the device firmware or system files of the EasyLogic T150 / Saitel DP RTU - i.e., the attacker must be able to read those firmware images or system files. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are partially conflicting and should be reconciled before prioritization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker obtains a firmware image or reads system files from a Saitel DP / EasyLogic T150 RTU and extracts the insufficiently protected credentials stored within. With those credentials and physical access to the field device, the attacker authenticates and takes control of the RTU to manipulate the controlled process. … |
| Remediation | Apply the fixed firmware/version specified in Schneider Electric advisory SEVD-2026-160-02 (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf); no exact fixed version number is provided in the supplied data, so treat the advisory as the authoritative source for the patched build and rotate any credentials that may have been exposed after updating. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all EasyLogic T150 and Saitel DP devices in operation and assess physical security controls around affected systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Incorrect file permission assignment on Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Term
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause un
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39430
GHSA-w2q4-93g6-j5vm