CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Schneider Electric Easergy MiCOM C264 unaffected
Version Status Constraints
Versions D6.x all versions affected
Versions D7.33 and prior affected
Schneider Electric Easergy C5 unaffected
Version Status Constraints
Version 1.1.17 and prior affected
Schneider Electric Easergy MiCOM P30 unaffected
Version Status Constraints
Easergy MiCOM P139 version prior to P139.678.700 affected
Easergy MiCOM P437 version prior to P437.678.700 affected
Easergy MiCOM P439 version prior to P439.678.700 affected
Easergy MiCOM P532 version prior to P532.678.700 affected
Easergy MiCOM P539 version prior to P539.678.700 affected
Easergy MiCOM P631 version prior to P631.678.700 affected
Easergy MiCOM P632 version prior to P632.678.700 affected
Easergy MiCOM P633 version prior to P633.678.700 affected
Easergy MiCOM P633 version P633.680.700 only affected
Easergy MiCOM P634 version prior to P634.678.700 affected
Easergy MiCOM P634 version P634.680.700 only affected
Easergy MiCOM P138 version prior to P138.677.700 affected
Easergy MiCOM P436 version prior to P436.677.701 affected
Easergy MiCOM P438 version prior to P438.677.701 affected
Easergy MiCOM P638 version prior to P638.677.700 affected
Easergy MiCOM C434 version prior to C434.679.700 affected
Schneider Electric Easergy MiCOM P40 unaffected
Version Status Constraints
P_ 4_ _ _ _ _ G_ _ _ _ _ M affected
P_ 4_ _ _ _ _ H_ _ _ _ _ M affected
P_ 4_ _ _ _ _ L _ _ _ _ _ M affected
P_ 4_ _ _ _ _ G_ _ _ _ _ L affected
P_ 4_ _ _ _ _ H_ _ _ _ _ L affected
P_ 4_ _ _ _ _ L _ _ _ _ _ L affected
Schneider Electric EcoStruxure™ Power Automation System Gateway (EPAS-GTW) unaffected
Version Status Constraints
Version 6.4.616.200.100 and prior affected
Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) unaffected
Version Status Constraints
Version 3.0.3 and prior affected
Schneider Electric EcoStruxure™ Power Operation unaffected
Version Status Constraints
Version 2022 CU6 and prior affected
Version 2024 CU2 and prior affected
Schneider Electric iPMFLS unaffected
Version Status Constraints
Version 64.2025.0.13 and prior affected
Schneider Electric PowerLogic™ P5 Protection Relay unaffected
Version Status Constraints
V02.502.103 and prior affected
Schneider Electric PowerLogic™ P7 Protection and Control Platform unaffected
Version Status Constraints
V02.002.002 and prior affected
Schneider Electric PowerLogic™ T300 unaffected
Version Status Constraints
Version 2.9.4 and prior affected
Schneider Electric PowerLogic™ T500 unaffected
Version Status Constraints
Version 11.08.02 and prior affected
Schneider Electric Saitel DP unaffected
Version Status Constraints
Version 11.06.36 and prior affected
Schneider Electric EasyLogic T150 (formerly Saitel DR) unaffected
Version Status Constraints
Version 11.06.30 and prior affected

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-02.pdf cve-icon cve-icon
History

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 12:45:00 +0000

Type Values Removed Values Added
Description CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
Title Insufficient Entropy vulnerability on Multiple Products
Weaknesses CWE-331
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2026-05-12T12:39:31.579Z

Reserved: 2026-03-25T14:07:29.111Z

Link: CVE-2026-4827

cve-icon Vulnrichment

Updated: 2026-05-12T12:39:06.306Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T13:17:35.510

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-4827

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T13:30:16Z

Weaknesses