Schneider Electric Easergy MiCOM Px40 Series
View CSAF Summary Schneider Electric is aware of a vulnerability in its Easergy MiCOM Px40 Series products. The Easergy MiCOM Px40 is a protection relay series for Medium Voltage, High Voltage and Extra High Voltage protection. Failure to apply the mitigations provided below may risk unauthorized exposure of basic device identification through the SNMP protocol. The following versions of Schneider Electric Easergy MiCOM Px40 Series are affected: Easergy MiCOM P14x All versions prior to B4A Easergy MiCOM P24x All versions prior to D3A Easergy MiCOM P341 All versions prior to E3F Easergy MiCOM P342, P343, P344, P345 All versions prior to B3F Easergy MiCOM P442, P444 All versions prior to E3A Easergy MiCOM P443, P445, P446, P543, P544, P545, P546 All versions prior to H6A Easergy MiCOM P841 All versions prior to G6A Easergy MiCOM P643 All versions prior to B3F Easergy MiCOM P642, P645 All versions prior to B4A Easergy MiCOM P741, P742, P743 All versions prior to B2A Easergy MiCOM P746 All versions prior to B4E Easergy MiCOM P746 All versions prior to C4E Easergy MiCOM P849 All versions prior to B4A CVSS Vendor Equipment Vulnerabilities v3 5.3 Schneider Electric Schneider Electric Easergy MiCOM Px40 Series Use of Hard-coded Credentials Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-4832 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. View CVE Details Affected Products Schneider Electric Easergy MiCOM Px40 Series Vendor: Schneider Electric Product Version: Easergy MiCOM P14x All versions prior to B4A, Easergy MiCOM P24
CSIRTS triage
- What
- Unauthorized exposure of basic device identification through the SNMP protocol.
- Who is affected
- Users of Schneider Electric Easergy MiCOM Px40 Series products with versions prior to the specified updates.
- Urgency
- Remediation is critical as it poses a risk of unauthorized information exposure.
- Action
- Apply the provided mitigations and update to the specified versions.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Easergy MiCOM Px40 Series
Get an email when a new Easergy MiCOM Px40 Series advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-03
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-48320.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-4832 | coverage & exploitation status | NVD · CVE.org |
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07
- criticalSiemens SINEC OS2026-07-07