CVE-2026-6332

CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞

Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...

CVE-2026-6866

CVE-2026-6866 affects EcoStruxure Panel Server and describes a CWE-1188 vulnerability where initialization of a resource with an insecure default could enable unauthorized authentication when credentials revert to initial settings. The threat scenario implies potential unauthorized disclosure of ...

CVE-2026-6866 Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

CVE-2026-6866 Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

Schneider Electric EcoStruxure Panel Server 安全漏洞

Schneider Electric EcoStruxure Panel Server is an IoT gateway developed by Schneider Electric of France, used for data collection and uploading. Schneider Electric EcoStruxure Panel Server has a security vulnerability that stems from the use of insecure default values during resource...

Schneider Electric多款产品 安全特征问题漏洞

Schneider Electric Easergy MiCOM Px40 Series are products of Schneider Electric, a French company. The Schneider Electric Easergy MiCOM Px40 Series consists of a series of power protection and control relay devices. The Schneider Electric Easergy MiCOM C264 is an industrial communication gateway...

Schneider Electric EcoStruxure Foxboro DCS Code Issue Vulnerability

The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric EcoStruxure Foxboro DCS, which can be exploited by an attacker to cause compromise of...

EcoStruxure IT Data Center Expert <= 9.0 Use of Hard-coded Credentials (SEVD-2026-069-05)

The version of EcoStruxure IT Data Center Expert installed on the remote host is 9.0 or prior. It is, therefore, affected by a vulnerability as referenced in the SEVD-2026-069-05 advisory. - Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code...

Schneider Electric EcoStruxure Automation Expert 代码注入漏洞

Schneider Electric EcoStruxure Automation Expert is a software platform for industrial automation systems from the French company Schneider Electric Schneider Electric. A code injection vulnerability exists in Schneider Electric EcoStruxure Automation Expert, which can be exploited by an attacker...

Schneider Electric EcoStruxure Foxboro DCS 代码问题漏洞

The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric EcoStruxure Foxboro DCS, which can be exploited by an attacker to cause compromise of...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

PT-2026-4356

Name of the Vulnerable Software and Affected Versions Schneider Electric EcoStruxure Process Expert versions prior to 2025 Description An incorrect default permissions issue can lead to privilege escalation via a reverse shell. A local user with normal privileges can modify executable service...