Description
CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device.
Published: 2026-06-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an insufficiently protected credentials flaw that allows an unauthenticated attacker to retrieve credentials from firmware or system files. With those credentials, an attacker who can physically reach the device can log in and take full control, potentially altering configuration, exfiltrating data, or causing operational disruption. The flaw enables the attacker to bypass normal authentication mechanisms, effectively compromising the device at a trust level that otherwise would require legitimate access.

Affected Systems

Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller and Schneider Electric Saitel DP Remote Terminal Unit & Controller are the affected products. No specific firmware or software version numbers are listed in the advisory, so all deployed units could be vulnerable until an update is applied.

Risk and Exploitability

The CVSS score of 8.7 marks a high severity, and the vulnerability is not listed in CISA’s KEV catalog, indicating no known large‑scale exploitation. The EPSS value is unavailable, but the vendor notes that only an attacker who already has physical access to the unit can use the retrieved credentials to compromise it. Thus the risk is primarily limited to environments where the units are reachable physically or exposed to a local network that can be breached. No public exploit has been reported; however, the high CVSS rating means diligent assessment and mitigation are recommended.

Generated by OpenCVE AI on June 25, 2026 at 16:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the unit firmware to the latest Schneider Electric release that secures stored credentials.
  • Restrict physical access to the devices by securing the installation environment and applying lockout controls.
  • Change default or exposed credentials and enable encrypted management protocols to prevent credential reuse.

Generated by OpenCVE AI on June 25, 2026 at 16:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Title Unauthorized access via exposed firmware credentials in Schneider Electric remote terminals

Thu, 25 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device.
Weaknesses CWE-522
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2026-06-25T15:49:18.212Z

Reserved: 2026-05-26T19:45:16.940Z

Link: CVE-2026-9650

cve-icon Vulnrichment

Updated: 2026-06-25T15:49:14.392Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T16:45:03Z

Weaknesses
  • CWE-522

    Insufficiently Protected Credentials