Summary
Schneider Electric is aware of a vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance, modular gateway with enhanced cybersecurity that provides easy and fast connections to multiple concurrent edge control or cloud applications. Failure to apply the remediations provided below may risk unauthorized authentication, which could lead to access to sensitive information.
The following versions of Schneider Electric EcoStruxure Panel Server are affected:
- EcoStruxure Panel Server PAS800 vers:intdot/<=002.005.000
- EcoStruxure Panel Server PAS800 vers:intdot/=002.006.000
- EcoStruxure Panel Server PAS800V2 vers:intdot/<=002.005.000
- EcoStruxure Panel Server PAS800V2 vers:intdot/=002.006.000
- EcoStruxure Panel Server PAS600 vers:intdot/<=002.005.000
- EcoStruxure Panel Server PAS600 vers:intdot/=002.006.000
- EcoStruxure Panel Server PAS600V2 vers:intdot/<=002.005.000
- EcoStruxure Panel Server PAS600V2 vers:intdot/=002.006.000
- EcoStruxure Panel Server PAS400 vers:intdot/<=002.005.000
- EcoStruxure Panel Server PAS400 vers:intdot/=002.006.000
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.5 | Schneider Electric | Schneider Electric EcoStruxure Panel Server | Initialization of a Resource with an Insecure Default |
Background
- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France
Vulnerabilities
CVE-2026-6866
A CWE-1188 (Initialization of a Resource with an Insecure Default) vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.
Affected Products
- Product: Schneider Electric EcoStruxure Panel Server
- Vendor: Schneider Electric
- Product version: EcoStruxure Panel Server PAS800 Versions 002.005.000 and prior, EcoStruxure Panel Server PAS800V2 Versions 002.005.000 and prior, EcoStruxure Panel Server PAS600 Versions 002.005.000 and prior, EcoStruxure Panel Server PAS600V2 Versions 002.005.000 and prior, EcoStruxure Panel Server PAS400 Versions 002.005.000 and prior
- Product status: fixed, known_affected
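An inventory check built on the `vers:intdot` range strings listed in the Summary, as an added example that is not part of the advisory or of Schneider Electric's tooling. It assumes a single-constraint subset of the vers syntax, that `intdot` versions compare as dot-separated integers, and status labels taken from the Affected Products and Remediations sections; the inventory rows are constructed.

```python
import re

# Range strings copied from this advisory's Summary; the status labels are an
# assumption taken from its Affected Products and Remediations sections.
RANGES = {"vers:intdot/<=002.005.000": "known_affected",
          "vers:intdot/=002.006.000": "fixed"}
MODELS = {"PAS400", "PAS600", "PAS600V2", "PAS800", "PAS800V2"}

OPS = {"<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b,
       "<": lambda a, b: a < b, ">": lambda a, b: a > b,
       "=": lambda a, b: a == b}


def intdot(version):
    """Parse a dot-separated integer version; leading zeros are not significant."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not an intdot version: {version!r}")
    return tuple(int(p) for p in parts)


def matches(vers_range, version):
    """True if version satisfies a single-constraint vers:intdot specifier."""
    m = re.fullmatch(r"vers:intdot/(<=|>=|<|>|=)([0-9.]+)", vers_range)
    if not m:
        raise ValueError(f"unsupported range: {vers_range!r}")
    return OPS[m.group(1)](intdot(version), intdot(m.group(2)))


def status(model, firmware):
    """Classify one device; versions outside the listed ranges are 'not_listed'."""
    if model.upper() not in MODELS:
        return "not_listed"
    for vers_range, label in RANGES.items():
        if matches(vers_range, firmware):
            return label
    return "not_listed"


if __name__ == "__main__":
    # Constructed inventory (hostnames and versions are made up for illustration).
    inventory = [("ps-lobby", "PAS600", "002.005.000"),
                 ("ps-plant1", "PAS800V2", "2.6.0"),
                 ("ps-roof", "PAS400", "001.010.002")]
    for host, model, fw in inventory:
        print(f"{host:10} {model:9} {fw:12} {status(model, fw)}")
```

A `not_listed` result means the advisory text shown here makes no statement about that model or version; it is not a statement that the device is unaffected.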
Remediations
Vendor fix
Version 002.006.000 of EcoStruxure Panel Server includes a fix for this vulnerability and is available for download here:
- https://www.se.com/ww/en/download/document/PAS800_Firmware_Package/
- Reboot needed: Yes
Vendor fix
Version 002.006.000 of EcoStruxure Panel Server includes a fix for this vulnerability and is available for download here:
- https://www.se.com/ww/en/download/document/PAS800V2_Firmware_Package/
- Reboot needed: Yes
Vendor fix
Version 002.006.000 of EcoStruxure Panel Server includes a fix for this vulnerability and is available for download here:
- https://www.se.com/ww/en/download/document/PAS600_Firmware_Package/
- Reboot needed: Yes
Vendor fix
Version 002.006.000 of EcoStruxure Panel Server includes a fix for this vulnerability and is available for download here:
- https://www.se.com/ww/en/download/document/PAS600V2_Firmware_Package/
- Reboot needed: Yes[…]