VYPR
Advisory · Published Jun 18, 2026 · 1 source

CISA Warns of Insufficient Entropy Flaw in Dozens of Schneider Electric Products

CISA issued an advisory for CVE-2026-4827, an insufficient entropy vulnerability affecting dozens of Schneider Electric products across Easergy, EcoStruxure, PowerLogic, and Saitel lines, potentially allowing unauthenticated network attackers to bypass session management.

CISA has published an advisory (ICSA-26-169-07) warning of a critical vulnerability, CVE-2026-4827, affecting a wide range of Schneider Electric industrial control products. The flaw, classified as CWE-331 (Insufficient Entropy), could allow an unauthenticated attacker on the network to bypass session-management protections and gain unauthorized access to affected devices. The advisory covers products spanning the Easergy MiCOM relay series, EcoStruxure Power Operation, PowerLogic protection relays, and Saitel DP devices, among others.

The vulnerability stems from weak randomness in session token generation, making it possible for an attacker to predict or brute-force session identifiers. With a CVSS v3 base score of 8.3, the flaw is rated high severity. Schneider Electric has released patches for each affected product line, and CISA urges organizations to apply updates immediately. The affected products are deployed across critical infrastructure sectors including energy, water and wastewater, chemical, and critical manufacturing, with worldwide distribution.

A detailed list of affected versions includes dozens of models: Easergy MiCOM C264 (up to D7.33), P139, P437, P439, P532, P539, P631, P632, P633, P634, P138, P436, P438, P638, and C434 relays; EcoStruxure Power Automation System Gateway (EPAS-GTW) up to version 6.4.616.200.100; EcoStruxure Power Automation System User Interface (EPAS-UI) up to 3.0.3; EcoStruxure Power Operation 2022 CU6 and 2024 CU2; iPMFLS up to 64.2025.0.13; PowerLogic P5 Protection Relay up to V02.502.103; PowerLogic P7 Protection and Control Platform up to V02.002.002; PowerLogic T300 up to 2.9.4; PowerLogic T500 up to 11.08.02; Easergy C5 up to 1.1.17; and Saitel DP up to 11.06.36. The Easergy MiCOM P40 Series with specific protocol option bits (G, H, or L) is also affected across all firmware versions.

Schneider Electric has provided fixed versions for each product line. For example, MiCOM C264 should be updated to D7.34, Easergy C5 to 1.1.18, and EcoStruxure Power Operation to 2022 CU7 or 2024 CU3. The company advises contacting its Customer Care Center for assistance with updating devices that require a reboot. The advisory notes that the vulnerability was discovered internally by Schneider Electric and no public exploitation has been reported at this time.

The breadth of this advisory underscores the challenge of securing legacy and widely deployed industrial control equipment. Many of the affected products are used in substation automation, power monitoring, and grid management, making them attractive targets for nation-state actors and cybercriminals alike. CISA recommends that asset owners inventory their Schneider Electric devices, prioritize patching based on network exposure, and implement network segmentation to limit attack surface.
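A triage sketch for the inventory-and-prioritize step above, added here as an example and not code from CISA, Schneider Electric, or this article's source. It treats the "up to" versions quoted in this article as inclusive bounds and assumes versions compare numerically component by component; the asset names and inventory rows are constructed, and products without a listed numeric bound fall through to a manual check.

```python
import re

# "Affected up to" versions as quoted in the article text (treated as inclusive).
AFFECTED_UP_TO = {
    "Easergy MiCOM C264": "D7.33",
    "EPAS-GTW": "6.4.616.200.100",
    "EPAS-UI": "3.0.3",
    "iPMFLS": "64.2025.0.13",
    "PowerLogic P5": "V02.502.103",
    "PowerLogic P7": "V02.002.002",
    "PowerLogic T300": "2.9.4",
    "PowerLogic T500": "11.08.02",
    "Easergy C5": "1.1.17",
    "Saitel DP": "11.06.36",
}

def parse_version(text):
    """Turn 'D7.33' or 'V02.502.103' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"[A-Za-z]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(product, installed):
    """True/False for a product with a known bound, None when a manual check is needed."""
    bound, have = AFFECTED_UP_TO.get(product), parse_version(installed)
    if bound is None or have is None:
        return None
    limit = parse_version(bound)
    width = max(len(have), len(limit))
    # Pad with zeros so that 2.9 compares as 2.9.0 (assumption about the scheme).
    return have + (0,) * (width - len(have)) <= limit + (0,) * (width - len(limit))

def triage(inventory):
    """Order (asset, product, version, exposed) rows: exposed and affected first."""
    rows = []
    for asset, product, version, exposed in inventory:
        status = is_affected(product, version)
        label = {True: "PATCH", False: "ok", None: "MANUAL CHECK"}[status]
        rank = 0 if status and exposed else 1 if status else 2 if status is None else 3
        rows.append((rank, asset, label))
    return [(asset, label) for _rank, asset, label in sorted(rows)]

# Constructed sample inventory: (asset, product, installed version, network-exposed).
SAMPLE = [
    ("sub-01-rtu", "Easergy MiCOM C264", "D7.33", False),
    ("sub-02-rtu", "Easergy MiCOM C264", "D7.34", True),
    ("feeder-09", "PowerLogic T300", "2.9.4", True),
    ("relay-17", "PowerLogic P5", "V02.502.99", False),
    ("hmi-03", "EcoStruxure Power Operation", "2022 CU6", True),
]
print(*triage(SAMPLE), sep="\n")
```

Rows labelled MANUAL CHECK (here the Power Operation cumulative-update string) need to be compared against the vendor's fixed-version list by hand.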

This advisory follows a series of Schneider Electric vulnerabilities disclosed in recent months, including CVE-2026-6866 affecting EcoStruxure Panel Server and a critical RADIUS flaw in Modicon switches. The cumulative impact highlights the need for continuous monitoring and timely patching in operational technology environments, where unpatched flaws can lead to disruption of essential services.

Synthesized by Vypr AI