Skip to main content

EasyLogic T150 / Saitel RTU CVE-2026-9651

| EUVDEUVD-2026-39431 MEDIUM
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-06-25 schneider GHSA-633j-w347-p8v6
6.7
CVSS 4.0 · Vendor: schneider
Share

Severity by source

Vendor (schneider) PRIMARY
6.7 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.4 MEDIUM

Local attack vector with high privileges required; only confidentiality is impacted via hash disclosure; no integrity or availability effect.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (schneider).

CVSS VectorVendor: schneider

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 16:23 vuln.today

DescriptionCVE.org

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files.

AnalysisAI

Incorrect file permission assignment on Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units exposes password hashes stored in system files to unauthorized reading by privileged local users. An attacker who has already obtained privileged local access to the RTU can read these improperly protected files, extract credential hashes, and perform offline cracking to achieve account compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain privileged local access to RTU
Delivery
Locate improperly permissioned system files
Exploit
Read password hash file contents
Execution
Perform offline hash cracking
Impact
Compromise additional accounts or pivot laterally

Vulnerability AssessmentAI

Exploitation Exploitation requires an attacker to have privileged local access to the affected RTU (PR:H per the CVSS 4.0 vector, AV:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N yields a score of 6.7, accurately capturing the constrained attack surface: exploitation requires local access with high privileges already in hand, meaning an attacker must have substantially compromised the device before this vulnerability becomes relevant. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has gained privileged local access to an EasyLogic T150 or Saitel DP RTU - whether through physical console access, a compromised maintenance account, or prior exploitation of another vulnerability - navigates to the improperly protected system file containing password hashes and reads its contents. The extracted hashes are then subjected to offline dictionary or brute-force cracking, yielding plaintext credentials that can be used to authenticate to the RTU or to other OT devices where passwords are reused. …
Remediation Consult Schneider Electric Security Advisory SEVD-2026-160-02, available at https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf, for the primary remediation guidance including any patched firmware version. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9651 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy