Insufficient Init: Schneider Device Reverts to Factory Credentials
CVE-2026-6866 Published on May 12, 2026

Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.

NVD

Weakness Type

Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Affected Versions

Schneider Electric EcoStruxure™ Panel Server Version Versions 002.005.000 and prior is affected by CVE-2026-6866

Insufficient Init: Schneider Device Reverts to Factory CredentialsCVE-2026-6866 Published on May 12, 2026

Weakness Type

Insecure Default Initialization of Resource

Affected Versions

Insufficient Init: Schneider Device Reverts to Factory Credentials
CVE-2026-6866 Published on May 12, 2026