Skip to main content

Ecostruxure Panel Server

1 CVEs product

Monthly

CVE-2026-6866 HIGH CISA Act Now

Schneider Electric EcoStruxure Panel Server can revert credentials to insecure default values under rare circumstances, allowing remote unauthenticated attackers to gain unauthorized access using known factory credentials. This CWE-1188 vulnerability enables complete confidential information disclosure (CVSS 8.2 High). Exploitation requires specific timing conditions (AT:P - Attack Timing: Present) to catch the window when credentials reset. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis, suggesting targeted rather than widespread exploitation risk.

Information Disclosure Ecostruxure Panel Server
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
EPSS 0% CVSS 8.2
HIGH Act Now

Schneider Electric EcoStruxure Panel Server can revert credentials to insecure default values under rare circumstances, allowing remote unauthenticated attackers to gain unauthorized access using known factory credentials. This CWE-1188 vulnerability enables complete confidential information disclosure (CVSS 8.2 High). Exploitation requires specific timing conditions (AT:P - Attack Timing: Present) to catch the window when credentials reset. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis, suggesting targeted rather than widespread exploitation risk.

Information Disclosure Ecostruxure Panel Server
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy