Insufficient Init: Schneider Device Reverts to Factory Credentials
CVE-2026-6866 Published on May 12, 2026

Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.

NVD

Weakness Type

Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Affected Versions

Schneider Electric EcoStruxure™ Panel Server Version Versions 002.005.000 and prior is affected by CVE-2026-6866

Exploit Probability

EPSS

0.31%

Percentile

22.21%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Insufficient Init: Schneider Device Reverts to Factory CredentialsCVE-2026-6866 Published on May 12, 2026

Weakness Type

Insecure Default Initialization of Resource

Affected Versions

Exploit Probability

Insufficient Init: Schneider Device Reverts to Factory Credentials
CVE-2026-6866 Published on May 12, 2026