Description
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
Published: 2026-04-14
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized access to sensitive device information
Action: Apply Patch
AI Analysis

Impact

A hard‑coded credential flaw allows an attacker who can query the SNMP interface to impersonate an authorized user and read or modify sensitive configuration and status data. The flaw is a classic case of hard‑coded credentials (CWE‑798) and enables unauthenticated access to device information.

Affected Systems

Schneider Electric Easergy MiCOM series, including models P14x, P24x, P341‑P345, P442‑P446, P543‑P546, P642, P643, P645, P741‑P743, P746, P841, and P849. Versions are not enumerated in the advisory, so all firmware builds shipped with hard‑coded SNMP credentials are potentially affected.

Risk and Exploitability

The CVSS base score of 6.9 corresponds to Medium severity. No exploit probability score (EPSS) is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote access to the SNMP port: an attacker on any network that can reach the device can use the hard‑coded credentials, without prior authentication, to read device data.

Generated by OpenCVE AI on April 14, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version that removes or amends the hard‑coded SNMP credentials.
  • Disable or lock the SNMP service if it is not required.
  • Configure SNMP access control lists to restrict queries to trusted IP addresses.
  • Change any manually configured SNMP communities or passwords to unique, strong values.
  • Verify the update with the vendor’s release notes and test functionality after applying the patch.



History

Tue, 14 Apr 2026 19:15:00 +0000

Values added (none removed):

  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 16:45:00 +0000

Values added (none removed):

  • Title: Hard‑coded SNMP Credentials Enable Unauthorized Device Access

Tue, 14 Apr 2026 15:45:00 +0000

Values added (none removed):

  • Description: CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
  • Weaknesses: CWE-798
  • References:
  • Metrics: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2026-04-14T18:16:06.726Z

Reserved: 2026-03-25T14:13:10.490Z

Link: CVE-2026-4832

Vulnrichment

Updated: 2026-04-14T18:15:58.207Z

NVD

Status: Received

Published: 2026-04-14T16:16:48.167

Modified: 2026-04-14T16:16:48.167

Link: CVE-2026-4832

OpenCVE Enrichment

Updated: 2026-04-14T16:30:23Z
