Schneider Electric: CWE331 Insufficient Entropy Enables Session Hijacking
CVE-2026-4827 Published on May 12, 2026

Weakness Type

Affected Versions

Schneider Electric Easergy MiCOM C264:

• Version Versions D6.x all versions is affected.
• Version Versions D7.33 and prior is affected.

Schneider Electric Easergy C5:

• Version Version 1.1.17 and prior is affected.

Schneider Electric Easergy MiCOM P30:

• Version Easergy MiCOM P139 version prior to P139.678.700 is affected.
• Version Easergy MiCOM P437 version prior to P437.678.700 is affected.
• Version Easergy MiCOM P439 version prior to P439.678.700 is affected.
• Version Easergy MiCOM P532 version prior to P532.678.700 is affected.
• Version Easergy MiCOM P539 version prior to P539.678.700 is affected.
• Version Easergy MiCOM P631 version prior to P631.678.700 is affected.
• Version Easergy MiCOM P632 version prior to P632.678.700 is affected.
• Version Easergy MiCOM P633 version prior to P633.678.700 is affected.
• Version Easergy MiCOM P633 version P633.680.700 only is affected.
• Version Easergy MiCOM P634 version prior to P634.678.700 is affected.
• Version Easergy MiCOM P634 version P634.680.700 only is affected.
• Version Easergy MiCOM P138 version prior to P138.677.700 is affected.
• Version Easergy MiCOM P436 version prior to P436.677.701 is affected.
• Version Easergy MiCOM P438 version prior to P438.677.701 is affected.
• Version Easergy MiCOM P638 version prior to P638.677.700 is affected.
• Version Easergy MiCOM C434 version prior to C434.679.700 is affected.

Schneider Electric Easergy MiCOM P40:

• Version P_ 4_ _ _ _ _ G_ _ _ _ _ M is affected.
• Version P_ 4_ _ _ _ _ H_ _ _ _ _ M is affected.
• Version P_ 4_ _ _ _ _ L _ _ _ _ _ M is affected.
• Version P_ 4_ _ _ _ _ G_ _ _ _ _ L is affected.
• Version P_ 4_ _ _ _ _ H_ _ _ _ _ L is affected.
• Version P_ 4_ _ _ _ _ L _ _ _ _ _ L is affected.

Schneider Electric EcoStruxure™ Power Automation System Gateway (EPAS-GTW):

• Version Version 6.4.616.200.100 and prior is affected.

Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI):

• Version Version 3.0.3 and prior is affected.

Schneider Electric EcoStruxure™ Power Operation:

• Version Version 2022 CU6 and prior is affected.
• Version Version 2024 CU2 and prior is affected.

Schneider Electric iPMFLS:

• Version Version 64.2025.0.13 and prior is affected.

Schneider Electric PowerLogic™ P5 Protection Relay:

• Version V02.502.103 and prior is affected.

Schneider Electric PowerLogic™ P7 Protection and Control Platform:

• Version V02.002.002 and prior is affected.

Schneider Electric PowerLogic™ T300:

• Version Version 2.9.4 and prior is affected.

Schneider Electric PowerLogic™ T500:

• Version Version 11.08.02 and prior is affected.

Schneider Electric Saitel DP:

• Version Version 11.06.36 and prior is affected.

Schneider Electric EasyLogic T150 (formerly Saitel DR):

• Version Version 11.06.30 and prior is affected.