Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products
Schneider Electric products have an Insufficient Entropy vulnerability (CVE-2026-4827).
Summary
Schneider Electric has disclosed a critical vulnerability, CVE-2026-4827, affecting numerous products across its Easergy, EcoStruxure, PowerLogic, and Saitel lines. This 'Insufficient Entropy' flaw could allow network attackers to exploit session management weaknesses, leading to unauthorized access and disruption of operations. The company has released patches and firmware updates for many affected products, urging customers to apply them promptly and implement network segmentation and session timeout mitigations.
Full text
ICS Advisory Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products Release DateJune 18, 2026 Alert CodeICSA-26-169-07 Related topics: Industrial Control System Vulnerabilities , Industrial Control Systems View CSAF Summary Schneider Electric is aware of vulnerabilities in its PowerChute™ Serial Shutdown product. The [PowerChute Serial Shutdown](https://www.se.com/ww/en/product-range/137943580-powerchute-serial-shutdown/#products) product is a UPS management software enabling graceful system shutdown and energy management capabilities for desktop, servers and workstations. Failure to apply the remediation provided below may risk improper input validation which could result in disruption of operations and access to system data. The following versions of Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products are affected: Easergy MiCOM C264 vers:generic/<=D7.33 (CVE-2026-4827) Easergy MiCOM P139 vers:generic/<=P139.678.700 (CVE-2026-4827) Easergy MiCOM P437 vers:generic/<=P437.678.700 (CVE-2026-4827) Easergy MiCOM P439 vers:generic/<=P439.678.700 (CVE-2026-4827) Easergy MiCOM P532 vers:generic/<=P532.678.700 (CVE-2026-4827) Easergy MiCOM P539 vers:generic/<=P539.678.700 (CVE-2026-4827) Easergy MiCOM P631 vers:generic/<=P631.678.700 (CVE-2026-4827) Easergy MiCOM P632 vers:generic/<=P632.678.700 (CVE-2026-4827) Easergy MiCOM P633 vers:generic/<=P633.678.700 (CVE-2026-4827) Easergy MiCOM P634 vers:generic/<=P634.678.700 (CVE-2026-4827) Easergy MiCOM P633 P633.680.700 (CVE-2026-4827) Easergy MiCOM P634 P634.680.700 (CVE-2026-4827) Easergy MiCOM P138 vers:generic/<=P138.677.700 (CVE-2026-4827) Easergy MiCOM P436 vers:generic/<=P436.677.701 (CVE-2026-4827) Easergy MiCOM P438 vers:generic/<=P438.677.701 (CVE-2026-4827) Easergy MiCOM P638 vers:generic/<=P638.677.700 (CVE-2026-4827) Easergy MiCOM C434 vers:generic/<=C434.679.700 (CVE-2026-4827) EcoStruxure Power Automation System Gateway (EPAS-GTW) vers:intdot/<=6.4.616.200.100 (CVE-2026-4827) EcoStruxure Power Automation System User Interface (EPAS-UI) vers:intdot/<=3.0.3 (CVE-2026-4827) EcoStruxure Power Operation vers:generic/<=2022_CU6 (CVE-2026-4827) EcoStruxure Power Operation vers:generic/<=2024_CU2 (CVE-2026-4827) iPMFLS vers:intdot/<=64.2025.0.13 (CVE-2026-4827) PowerLogic P5 Protection Relay vers:intdot/<=02.502.103 (CVE-2026-4827) PowerLogic P7 Protection and Control Platform vers:intdot/<=02.002.002 (CVE-2026-4827) PowerLogic T300 vers:intdot/<=2.9.4 (CVE-2026-4827) PowerLogic T500 vers:intdot/<=11.08.02 (CVE-2026-4827) Saitel DP vers:intdot/<=11.06.36 () EasyLogic T150 (formerly Saitel DR) vers:intdot/<=11.06.30 () Easergy MiCOM C264 D7.34 () Easergy C5 vers:intdot/<=1.1.17 (CVE-2026-4827) Easergy C5 1.1.18 () Easergy MiCOM P139 version P139.678.700 () Easergy MiCOM P439 P439.678.700 () Easergy MiCOM P539 P539.678.700 () Easergy MiCOM P632 P632.678.700 () Easergy MiCOM P633 P633.680.701 () Easergy MiCOM P634 P634.680.701 () Easergy MiCOM P633 P633.678.700 () Easergy MiCOM P138 P138.677.701 () Easergy MiCOM C434 C434.679.700 () Saitel DR 11.06.31 () EcoStruxure Power Automation System Gateway (EPAS-GTW) 6.4.610.500.101 () EcoStruxure Power Automation Automation System User Interface (EPAS-UI) 3.0.4 () EcoStruxure Power Operation 2022_CU7 () EcoStruxure Power Operation (EPO) 2024_CU3 () iPMFLS 64.2025.0.14 () PowerLogic P5 Protection Relay 02.503.101 () PowerLogic P7 Protection and Control Platform 02.003.001 () PowerLogic T300 2.9.5 () PowerLogic T500 11.08.03 () Saitel DP 11.06.37 () Easergy MiCOM P40 Series vers:all/* (CVE-2026-4827) CVSS Vendor Equipment Vulnerabilities v3 8.3 Schneider Electric Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products Insufficient Entropy Background Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-4827 CWE-331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections. View CVE Details Affected Products Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products Vendor:Schneider Electric Product Version:Easergy MiCOM C264 Versions D7.33 and prior, Easergy MiCOM P139 version prior to P139.678.700, Easergy MiCOM P437 version prior to P437.678.700, Easergy MiCOM P439 version prior to P439.678.700, Easergy MiCOM P532 version prior to P532.678.700, Easergy MiCOM P539 version prior to P539.678.700, Easergy MiCOM P631 version prior to P631.678.700, Easergy MiCOM P632 version prior to P632.678.700, Easergy MiCOM P633 version prior to P633.678.700, Easergy MiCOM P634 version prior to P634.678.700, Easergy MiCOM P633 version P633.680.700, Easergy MiCOM P634 version P634.680.700 , Easergy MiCOM P138 version prior to P138.677.700, Easergy MiCOM P436 version prior to P436.677.701, Easergy MiCOM P438 version prior to P438.677.701, Easergy MiCOM P638 version prior to P638.677.700, Easergy MiCOM C434 version prior to C434.679.700, EcoStruxure Power Automation System Gateway (EPAS-GTW) Version 6.4.616.200.100 and prior, EcoStruxure Power Automation System User Interface (EPAS-UI) Version 3.0.3 and prior, EcoStruxure Power Operation (EPO) 2022 CU6 and prior, EcoStruxure Power Operation (EPO) 2024 CU2 and prior, iPMFLS Version 64.2025.0.13 and prior, PowerLogic P5 Protection Relay V02.502.103 and prior, PowerLogic P7 Protection and Control Platform V02.002.002 and prior, PowerLogic T300 Version 2.9.4 and prior, PowerLogic T500 Version 11.08.02 and prior, Easergy C5 Version 1.1.17 and prior, Easergy MiCOM P40 Series model numbers with Protocol Option bit as G, H or L and all firmware versions Product Status:fixed, known_affected Remediations Vendor fixVersion D7.34 of MiCOM C264 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Reboot is required Vendor fixVersion 1.1.18 of Easergy C5 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Reboot is required Vendor fixVersion P139.678.700 Easergy MiCOM P139 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Vendor fixVersion P439.678.700 Easergy MiCOM P439 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Vendor fixVersion P539.678.700 Easergy MiCOM P539 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Vendor fixVersion P632.678.700 Easergy MiCOM P632 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Vendor fixVersion P633.678.700 Easergy MiCOM P633 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Vendor fixVersion P634.680.701 Easergy MiCOM P634 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Vendor fixVersion P633.680.701 Easergy MiCOM P633 includes a fix for this vulnerability. Contact Schneider Electric’s Customer Care Center for information on how to contact your local Application Center to update the device. Vendor fixVersion P138.677.701 Easergy MiCOM P138 includes a fix for this vulnerability. Contact Schneider E
Indicators of Compromise
- cve — CVE-2026-4827