Description
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.
Published: 2026-05-12
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability originates from the initialization of a resource with insecure defaults. If credentials revert to their initial defaults, which happens only in rare circumstances, an attacker who knows those defaults can use them to authenticate. This could expose sensitive configuration or data. Because the issue is classified as CWE‑1188, the flaw stems from a resource misconfiguration rather than code.

Affected Systems

Schneider Electric's EcoStruxure Panel Server is the affected product. No specific version information is provided, so all firmware releases of the Panel Server should be considered potentially affected until a vendor advisory specifies otherwise.

Risk and Exploitability

The CVSS score of 8.2 classifies this issue as high severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV, implying it is not a known exploited vulnerability yet. The attack vector is not explicitly defined in the description; based on the nature of the flaw, it is inferred that an attacker with network access to the Panel Server might exploit the default credentials if they somehow trigger the reset to factory settings.

Generated by OpenCVE AI on May 12, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑provided patch or firmware update that addresses this vulnerability.
  • Change all default credentials on the EcoStruxure Panel Server immediately, using strong, unique passwords and disabling unused accounts.
  • Restrict network access to the Panel Server to trusted administrative networks and optionally enable two‑factor authentication if supported.
  • Monitor authentication logs for failed or successful logins that use default credentials and investigate any anomalies.

Advisories

No advisories yet.

History

Tue, 12 May 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 12 May 2026 15:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials. |
| Title | | Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server |
| Weaknesses | | CWE-1188 |
| References | | |
| Metrics | | cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2026-05-12T15:43:40.858Z

Reserved: 2026-04-22T16:17:46.134Z

Link: CVE-2026-6866

Vulnrichment

Updated: 2026-05-12T15:43:34.723Z

NVD

Status: Awaiting Analysis

Published: 2026-05-12T15:16:16.570

Modified: 2026-05-12T16:38:24.040

Link: CVE-2026-6866

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T16:30:19Z

Weaknesses