CVE-2026-4827 - Vulnerability Details - OpenCVE

CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-02.pdf

History

Tue, 12 May 2026 12:45:00 +0000

Type	Values Removed	Values Added
Description		CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
Title		Insufficient Entropy vulnerability on Multiple Products
Weaknesses		CWE-331
References		https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-02.pdf
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2026-05-12T12:24:22.928Z

Updated: 2026-05-12T12:39:31.579Z

Reserved: 2026-03-25T14:07:29.111Z

Link: CVE-2026-4827

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-12T13:17:35.510

Modified: 2026-05-12T13:17:35.510

Link: CVE-2026-4827

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T13:30:16Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4827", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2026-03-25T14:07:29.111Z", "datePublished": "2026-05-12T12:24:22.928Z", "dateUpdated": "2026-05-12T12:39:31.579Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2026-05-12T12:24:22.928Z"}, "title": "Insufficient Entropy vulnerability on Multiple Products", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-331", "description": "CWE-331 Insufficient entropy", "type": "CWE"}]}], "affected": [{"vendor": "Schneider Electric", "product": "Easergy MiCOM C264", "versions": [{"status": "affected", "version": "Versions D6.x all versions"}, {"status": "affected", "version": "Versions D7.33 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy C5", "versions": [{"status": "affected", "version": "Version 1.1.17 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P30", "modules": ["All MiCOM P30 devices with Advanced Cyber Security (module or feature)"], "versions": [{"status": "affected", "version": "Easergy MiCOM P139 version prior to P139.678.700"}, {"status": "affected", "version": "Easergy MiCOM P437 version prior to P437.678.700"}, {"status": "affected", "version": "Easergy MiCOM P439 version prior to P439.678.700"}, {"status": "affected", "version": "Easergy MiCOM P532 version prior to P532.678.700"}, {"status": "affected", "version": "Easergy MiCOM P539 version prior to P539.678.700"}, {"status": "affected", "version": "Easergy MiCOM P631 version prior to P631.678.700"}, {"status": "affected", "version": "Easergy MiCOM P632 version prior to P632.678.700"}, {"status": "affected", "version": "Easergy MiCOM P633 version prior to P633.678.700"}, {"status": "affected", "version": "Easergy MiCOM P633 version P633.680.700 only"}, {"status": "affected", "version": "Easergy MiCOM P634 version prior to P634.678.700"}, {"status": "affected", "version": "Easergy MiCOM P634 version P634.680.700 only"}, {"status": "affected", "version": "Easergy MiCOM P138 version prior to P138.677.700"}, {"status": "affected", "version": "Easergy MiCOM P436 version prior to P436.677.701"}, {"status": "affected", "version": "Easergy MiCOM P438 version prior to P438.677.701"}, {"status": "affected", "version": "Easergy MiCOM P638 version prior to P638.677.700"}, {"status": "affected", "version": "Easergy MiCOM C434 version prior to C434.679.700"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P40", "modules": ["Easergy MiCOM P40 Series model numbers with Protocol Option bit as G, H, or L and all firmware versions"], "versions": [{"status": "affected", "version": "P_ 4_ _ _ _ _ G_ _ _ _ _ M"}, {"status": "affected", "version": "P_ 4_ _ _ _ _ H_ _ _ _ _ M"}, {"status": "affected", "version": "P_ 4_ _ _ _ _ L _ _ _ _ _ M"}, {"status": "affected", "version": "P_ 4_ _ _ _ _ G_ _ _ _ _ L"}, {"status": "affected", "version": "P_ 4_ _ _ _ _ H_ _ _ _ _ L"}, {"status": "affected", "version": "P_ 4_ _ _ _ _ L _ _ _ _ _ L"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "EcoStruxure\u2122 Power Automation System Gateway (EPAS-GTW)", "versions": [{"status": "affected", "version": "Version 6.4.616.200.100 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "EcoStruxure Power Automation System User Interface (EPAS-UI)", "versions": [{"status": "affected", "version": "Version 3.0.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "EcoStruxure\u2122 Power Operation", "versions": [{"status": "affected", "version": "Version 2022 CU6 and prior"}, {"status": "affected", "version": "Version 2024 CU2 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "iPMFLS", "versions": [{"status": "affected", "version": "Version 64.2025.0.13 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "PowerLogic\u2122 P5 Protection Relay", "versions": [{"status": "affected", "version": "V02.502.103 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "PowerLogic\u2122 P7 Protection and Control Platform", "versions": [{"status": "affected", "version": "V02.002.002 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "PowerLogic\u2122 T300", "versions": [{"status": "affected", "version": "Version 2.9.4 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "PowerLogic\u2122 T500", "versions": [{"status": "affected", "version": "Version 11.08.02 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Saitel DP", "versions": [{"status": "affected", "version": "Version 11.06.36 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "EasyLogic T150 (formerly Saitel DR)", "versions": [{"status": "affected", "version": "Version 11.06.30 and prior"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "CWE\u2011331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session\u2011management protections.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "CWE\u2011331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session\u2011management protections."}]}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-02.pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-12T12:39:02.210471Z", "id": "CVE-2026-4827", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-12T12:39:31.579Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CWE\u2011331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session\u2011management protections."}], "id": "CVE-2026-4827", "lastModified": "2026-05-12T13:17:35.510", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2026-05-12T13:17:35.510", "references": [{"source": "cybersecurity@se.com", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-02.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "cybersecurity@se.com", "type": "Primary"}]}