Which versions of Schneider Electric Industrial Protection Relays are affected by EUVD-2026-29459?

CVE-2026-4827 affects 36 variants of Schneider Electric industrial protection relays and energy management systems, allowing authenticated attackers to hijack user sessions through predictable token…

Schneider Electric Industrial Protection Relays EUVD-2026-29459

Q: What is the CVSS score of EUVD-2026-29459?

EUVD-2026-29459 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-4827 HIGH

Insufficient Entropy (CWE-331)

2026-05-12 schneider

GHSA-r6x4-qp59-vf35

Authentication Bypass

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

May 12, 2026 - 15:01 vuln.today

CVSS changed

May 12, 2026 - 13:22 NVD

8.7 (HIGH)

CVE Published

May 12, 2026 - 12:24 nvd

UNKNOWN (no severity yet)

CVE Published

May 12, 2026 - 12:24 nvd

HIGH 8.7

DescriptionNVD

CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.

AnalysisAI

Weak session token generation in Schneider Electric industrial protection relays and energy management systems allows remote attackers to hijack authenticated user sessions via network-based prediction attacks. Affects 36 product variants across Easergy MiCOM P30/P40/C264, PowerLogic P5/P7/T-series, EcoStruxure Power Automation/Operation platforms, and iPMFLS systems. …

RemediationAI

Within 24 hours: Identify all Easergy MiCOM P30/P40/C264, PowerLogic P5/P7/T-series, EcoStruxure Power Automation/Operation, and iPMFLS systems in your environment using asset inventory; isolate affected devices to segregated network segments if operationally feasible. Within 7 days: Contact Schneider Electric support directly to confirm patch timeline and obtain interim security advisories; implement mandatory re-authentication for administrative sessions and deploy network-based session monitoring; restrict administrative access to approved personnel only with MFA where supported. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-29459 vulnerability details – vuln.today

Back

Schneider Electric Industrial Protection Relays EUVD-2026-29459

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Schneider Electric Industrial Protection Relays EUVD-2026-29459

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code