Skip to main content

Easergy Micom P30

1 CVEs product

Monthly

CVE-2026-4827 HIGH CISA This Week

Weak session token generation in Schneider Electric industrial protection relays and energy management systems allows remote attackers to hijack authenticated user sessions via network-based prediction attacks. Affects 36 product variants across Easergy MiCOM P30/P40/C264, PowerLogic P5/P7/T-series, EcoStruxure Power Automation/Operation platforms, and iPMFLS systems. CVSS 8.7 reflects high confidentiality and integrity impact with user interaction required. No active exploitation confirmed (not in CISA KEV), but authentication bypass via session prediction enables privilege escalation in critical infrastructure environments. EPSS data not provided - risk assessment relies on CVSS vector and operational technology context.

Authentication Bypass Easergy Micom C264 Easergy C5 Easergy Micom P30 Easergy Micom P40 +10
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
EPSS 0% CVSS 8.7
HIGH This Week

Weak session token generation in Schneider Electric industrial protection relays and energy management systems allows remote attackers to hijack authenticated user sessions via network-based prediction attacks. Affects 36 product variants across Easergy MiCOM P30/P40/C264, PowerLogic P5/P7/T-series, EcoStruxure Power Automation/Operation platforms, and iPMFLS systems. CVSS 8.7 reflects high confidentiality and integrity impact with user interaction required. No active exploitation confirmed (not in CISA KEV), but authentication bypass via session prediction enables privilege escalation in critical infrastructure environments. EPSS data not provided - risk assessment relies on CVSS vector and operational technology context.

Authentication Bypass Easergy Micom C264 Easergy C5 +12
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy