CVE-2026-4832
Received Received - Intake
Hardcoded Credentials in SNMP Port Allow Unauthorized Access

Publication date: 2026-04-14

Last updated on: 2026-04-14

Assigner: Schneider Electric SE

Description
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4832
EUVD
EUVD-2026-22310
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
schneider_electric easergy_micom_px40 to C4E (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not explicitly address how the CVE-2026-4832 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-4832 is a vulnerability in Schneider Electric’s Easergy MiCOM Px40 Series protection relays that involves the use of hard-coded credentials (CWE-798). This flaw allows an unauthenticated attacker to gain unauthorized access to sensitive device information by interrogating the SNMP port (typically UDP/161). Because the credentials are hard-coded, they cannot be changed or removed, making it easier for attackers to exploit the device remotely without needing any privileges or user interaction.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive information on the affected devices. An attacker exploiting this flaw could interrogate the SNMP port to retrieve confidential device data, potentially compromising the security and operation of critical protection relays used in medium to extra high voltage electrical systems. This unauthorized access could disrupt system integrity, lead to information leakage, and increase the risk of further attacks on the network or infrastructure.

Detection Guidance

This vulnerability involves unauthorized access via the SNMP port, typically UDP/161, due to hard-coded credentials. Detection can focus on monitoring SNMP traffic and attempts to access SNMP services on affected devices.

You can use network scanning tools or commands to check for open SNMP ports on your devices. For example, using nmap to scan for UDP port 161:

  • nmap -sU -p 161 <target-ip>

Additionally, you can attempt SNMP queries to see if unauthorized access is possible, for example using snmpwalk or snmpget commands with default or known hard-coded community strings.

  • snmpwalk -v1 -c public <target-ip>
  • snmpget -v1 -c public <target-ip> <OID>

Monitoring logs for unusual SNMP access attempts and network traffic analysis can also help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include blocking the SNMP service port (UDP/161) to reduce exposure if patching cannot be done immediately.

Other recommended actions are isolating control and safety networks behind firewalls, restricting physical access to devices, securing programming modes, sanitizing mobile data exchange devices, minimizing network exposure, and using secure remote access methods such as VPNs.

The definitive fix is to update the affected Schneider Electric Easergy MiCOM Px40 Series devices to the fixed firmware versions provided by Schneider Electric, available through their Customer Care Center.

It is also advised to follow proper patching methodologies, including backing up systems and testing patches in development or offline environments before deployment.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4832. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart