ics-ot · regulator · News · The Broadside

Schneider Easergy, EcoStruxure, PowerLogic, Saitel face CVE-2026-4827

A single session-management flaw now reaches relays, gateways and power software, making version accuracy the control that matters first.


TL;DR

Defense-industrial-base operators, state CISOs and municipal IT teams running Schneider Electric relays, automation gateways or power-management software need to check affected versions against ICSA-26-169-07. CISA rates CVE-2026-4827 at CVSS v3 8.3; the advisory describes improper input validation and a CWE-331 insufficient-entropy flaw in session-management protections that could allow network-based unauthorized access, operational disruption and access to system data. Breadth is the problem: one vendor portfolio now creates a long OT remediation queue.

For operators, this starts as an asset inventory problem. ICSA-26-169-07 covers more than 35 Schneider Electric product/version entries, including Easergy MiCOM C264 and P-series/P40 devices, EcoStruxure EPAS-GTW, EPAS-UI and Power Operation, iPMFLS, PowerLogic P5/P7/T300/T500, Easergy C5, Saitel DP and EasyLogic T150/Saitel DR. CISA’s background lists Chemical, Critical Manufacturing, Energy, and Water and Wastewater, with worldwide deployment.

The advisory text needs a precise read. Its summary describes improper input validation that could result in disruption of operations and access to system data. Its vulnerability entry assigns CVE-2026-4827 to CWE-331, Insufficient Entropy, and says weak session-management protections could let an attacker on the network gain unauthorized access. That supports high-priority triage. It leaves deployment planning to the operator: CISA lists CVSS v3 8.3 and fixed or affected status, while attack-vector detail and a single timeline for all affected versions are absent from the public text.

The remediation work is product-by-product. Named fixed releases include MiCOM C264 D7.34, Easergy C5 1.1.18, EcoStruxure Power Operation 2022 CU7 and 2024 CU3, iPMFLS 64.2025.0.14, PowerLogic P5 02.503.101, P7 02.003.001, T300 2.9.5, T500 11.08.03, Saitel DP 11.06.37 and Saitel DR 11.06.31. Several MiCOM fixes route through Schneider Electric Customer Care and local application centers, and at least the C264 and Easergy C5 fixes require reboot. That pushes the advisory from spreadsheet risk into maintenance-window planning.
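The product-by-product check described above, as an added example that is not from CISA, Schneider Electric or this article's source. It triages a constructed inventory against the fixed releases named here, assuming a version older than the named fixed release on the same track needs an update; asset names and inventory rows are constructed, and any version format it cannot compare goes to manual review.

```python
import re

# Fixed releases as named in the article. Assumption of this example: a version
# older than the fixed release is affected; confirm ranges in ICSA-26-169-07.
# MiCOM C264 (D7.34) is left out on purpose: its letter-prefixed scheme is not
# compared here, so those assets fall through to manual review.
FIXED = {
    "Easergy C5": ["1.1.18"], "iPMFLS": ["64.2025.0.14"],
    "PowerLogic P5": ["02.503.101"], "PowerLogic P7": ["02.003.001"],
    "PowerLogic T300": ["2.9.5"], "PowerLogic T500": ["11.08.03"],
    "Saitel DP": ["11.06.37"], "Saitel DR": ["11.06.31"],
    "EcoStruxure Power Operation": ["2022 CU7", "2024 CU3"],
}

# Constructed sample inventory: (asset, product, installed version).
INVENTORY = [
    ("rtu-01", "Saitel DP", "11.06.30"),
    ("pm-02", "PowerLogic P5", "02.503.101"),
    ("epo-01", "EcoStruxure Power Operation", "2022 CU5"),
    ("epo-02", "EcoStruxure Power Operation", "2024 CU3"),
    ("bay-07", "Easergy MiCOM C264", "D7.21"),
]

def parse(version):
    """Return a comparable tuple, or None if the format is not understood."""
    v = version.strip()
    m = re.fullmatch(r"(\d{4}) CU(\d+)", v)
    if m:  # yearly track plus cumulative update, e.g. "2022 CU7"
        return ("cu", int(m.group(1)), int(m.group(2)))
    if re.fullmatch(r"\d+(\.\d+)+", v):  # dotted numeric, compared numerically
        return ("num",) + tuple(int(p) for p in v.split("."))
    return None

def triage(product, version):
    """Classify one asset as fixed, needs-update or manual-review."""
    have = parse(version)
    if product not in FIXED or have is None:
        return "manual-review"
    for fixed in map(parse, FIXED[product]):
        if fixed[0] != have[0] or (have[0] == "cu" and fixed[1] != have[1]):
            continue  # different scheme or different yearly track
        return "fixed" if have >= fixed else "needs-update"
    return "manual-review"  # no fixed release named for this track

def report(inventory):
    return {asset: triage(product, ver) for asset, product, ver in inventory}

if __name__ == "__main__":
    for asset, status in report(INVENTORY).items():
        print(f"{asset}: {status}")
```

Numeric comparison matters here: a plain string compare would rank T300 `2.10.0` below `2.9.5`.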

The portfolio point matters for assessors and CISOs. Schneider’s footprint means a single CVE can cross protection relays, gateways and power operations software in the same environment. Ask for version evidence, remediation tickets, compensating network isolation where fixes wait, and reboot/change-window records. For municipal and facility OT, the practical question is whether every affected Schneider device is visible before the next scan or incident turns discovery into triage.


Published · Deep Fathom