Schneider Electric: CWE331 Insufficient Entropy Enables Session Hijacking
CVE-2026-4827 Published on May 12, 2026

Insufficient Entropy vulnerability on Multiple Products
CWE331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in sessionmanagement protections.

NVD

Weakness Type

Insufficient Entropy

The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Affected Versions

Schneider Electric Easergy MiCOM C264:

Version Versions D6.x is affected.
Version Versions D7.33 and prior is affected.

Schneider Electric Easergy C5:

Version Version 1.1.17 and prior is affected.

Schneider Electric Easergy MiCOM P30:

Version P139 version prior to P139.678.700 is affected.
Version P437 version prior to P437.678.700 is affected.
Version P439 version prior to P439.678.700 is affected.
Version P532 version prior to P532.678.700 is affected.
Version P539 version prior to P539.678.700 is affected.
Version P631 version prior to P631.678.700 is affected.
Version P632 version prior to P632.678.700 is affected.
Version P633 version prior to P633.678.700 is affected.
Version P634 version prior to P634.678.700 is affected.
Version P633 version P633.680.700 only is affected.
Version P634 version P634.680.700 only is affected.
Version P138 version prior to P138.677.700 is affected.
Version P436 version prior to P436.677.701 is affected.
Version P438 version prior to P438.677.701 is affected.
Version P638 version prior to P638.677.700 is affected.
Version C434 version prior to C434.679.700 is affected.

Schneider Electric Easergy MiCOM P40:

Version Series model numbers with Protocol Option bit as G, H or L and all firmware versions is affected.

Schneider Electric EcoStruxure™ Power Automation System Gateway (EPAS-GTW):

Version Version 6.4.616.200.100 and prior is affected.

Schneider Electric EcoStruxure™ Power Automation System User Interface (EPAS-UI):

Version Version 3.0.3 and prior is affected.

Schneider Electric EcoStruxure™ Power Operation:

Version Version 2022 CU6 and prior is affected.
Version Version 2024 CU2 and prior is affected.

Schneider Electric iPMFLS:

Version Version 64.2025.0.13 and prior is affected.

Schneider Electric PowerLogic™ P5 Protection Relay:

Version V02.502.103 and prior is affected.

Schneider Electric PowerLogic™ P7 Protection and Control Platform:

Version V02.002.002 and prior is affected.

Schneider Electric PowerLogic™ T300:

Version Version 2.9.4 and prior is affected.

Schneider Electric PowerLogic™ T500:

Version Version 11.08.02 and prior is affected.

Schneider Electric Saitel DP:

Version Version 11.06.36 and prior is affected.

Schneider Electric EasyLogic T150 (formerly Saitel DR):

Version Version 11.06.30 and prior is affected.

Exploit Probability

EPSS

0.31%

Percentile

22.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Schneider Electric: CWE331 Insufficient Entropy Enables Session HijackingCVE-2026-4827 Published on May 12, 2026

Weakness Type

Insufficient Entropy

Affected Versions

Exploit Probability

Schneider Electric: CWE331 Insufficient Entropy Enables Session Hijacking
CVE-2026-4827 Published on May 12, 2026