CVE-2026-6866

HIGH

Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server

Title source: cna

Description

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.

References (1)

Core 1

Core References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-04.pdf

Scores

CVSS v4 8.2

EPSS 0.0031

EPSS Percentile 22.2%

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1188

Status published

Products (1)

Schneider Electric/EcoStruxure™ Panel Server Versions 002.005.000 and prior

Published May 12, 2026

Tracked Since May 12, 2026