Description
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
Published: 2026-04-14
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to sensitive device information
Action: Apply Patch
AI Analysis

Impact

A hard‑coded credential flaw allows an attacker who can query the SNMP interface to impersonate an authorized user and read or modify sensitive configuration and status data. The flaw is a classic case of hard‑coded passwords (CWE‑798) and enables unauthenticated access to device information.

Affected Systems

Schneider Electric Easergy MiCOM series, including models P14x, P24x, P341‑P345, P442‑P446, P543‑P546, P642, P643, P645, P741‑P743, P746, P841, and P849. Versions are not enumerated in the advisory, so all firmware builds shipped with hard‑coded SNMP credentials are potentially affected.

Risk and Exploitability

The CVSS base score of 6.9 indicates moderate to high severity. No exploit probability score (EPSS) is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote access to the SNMP port: an attacker on any network that can reach the device can, without prior authentication, use the hard‑coded credentials to read device data.

Generated by OpenCVE AI on April 14, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version that removes or amends the hard‑coded SNMP credentials.
  • Disable or lock the SNMP service if it is not required.
  • Configure SNMP access control lists to restrict queries to trusted IP addresses.
  • Change any manually configured SNMP communities or passwords to unique, strong values.
  • Verify the update with the vendor’s release notes and test functionality after applying the patch.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Schneider-electric, Schneider-electric easergy P14x, Schneider-electric easergy P24x, Schneider-electric easergy P341, Schneider-electric easergy P342, Schneider-electric easergy P343, Schneider-electric easergy P344, Schneider-electric easergy P345, Schneider-electric easergy P442, Schneider-electric easergy P443, Schneider-electric easergy P444, Schneider-electric easergy P445, Schneider-electric easergy P446, Schneider-electric easergy P543, Schneider-electric easergy P544, Schneider-electric easergy P545, Schneider-electric easergy P546, Schneider-electric easergy P642, Schneider-electric easergy P643, Schneider-electric easergy P645, Schneider-electric easergy P741, Schneider-electric easergy P742, Schneider-electric easergy P743, Schneider-electric easergy P746, Schneider-electric easergy P841, Schneider-electric easergy P849

Type: Vendors & Products
Values Removed: (none)
Values Added: Schneider-electric, Schneider-electric easergy P14x, Schneider-electric easergy P24x, Schneider-electric easergy P341, Schneider-electric easergy P342, Schneider-electric easergy P343, Schneider-electric easergy P344, Schneider-electric easergy P345, Schneider-electric easergy P442, Schneider-electric easergy P443, Schneider-electric easergy P444, Schneider-electric easergy P445, Schneider-electric easergy P446, Schneider-electric easergy P543, Schneider-electric easergy P544, Schneider-electric easergy P545, Schneider-electric easergy P546, Schneider-electric easergy P642, Schneider-electric easergy P643, Schneider-electric easergy P645, Schneider-electric easergy P741, Schneider-electric easergy P742, Schneider-electric easergy P743, Schneider-electric easergy P746, Schneider-electric easergy P841, Schneider-electric easergy P849

Tue, 14 Apr 2026 19:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 16:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Hard‑coded SNMP Credentials Enable Unauthorized Device Access

Tue, 14 Apr 2026 15:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-798

Type: References

Type: Metrics
Values Removed: (none)
Values Added: cvssV4_0
{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2026-04-14T18:16:06.726Z

Reserved: 2026-03-25T14:13:10.490Z

Link: CVE-2026-4832

Vulnrichment

Updated: 2026-04-14T18:15:58.207Z

NVD

Status: Awaiting Analysis

Published: 2026-04-14T16:16:48.167

Modified: 2026-04-17T15:11:35.840

Link: CVE-2026-4832

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T21:03:02Z

Weaknesses