Insecure Default Initialization Vulnerability in Schneider Electric Products
CVE-2026-6866

8.2HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure™ Panel Server
Vendor: CVE Published:; 12 May 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-6866?

An insecure default initialization vulnerability exists in Schneider Electric products, which may lead to the unauthorized disclosure of sensitive information. In specific scenarios, when credentials revert to their initial settings, an attacker could exploit this weakness to authenticate using well-known default credentials. This highlights the critical need for users to ensure proper configuration and security measures to defend against unauthorized access.

Affected Version(s)

EcoStruxure™ Panel Server Versions 002.005.000 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 22, 2026

CVE-2026-6866 Data

JSON