CVE-2026-9650
Analyzed Analyzed - Analysis Complete

Insufficiently Protected Credentials in Firmware

Vulnerability report for CVE-2026-9650, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-14

Assigner: Schneider Electric SE

Description

CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
schneider-electric easylogic_t150_firmware to 11.06.32 (exc)
schneider-electric saitel_dp_firmware to 11.06.38 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-9650 is a vulnerability classified as CWE-522, which means it involves insufficiently protected credentials. This flaw allows an unauthenticated attacker to access credentials stored within the firmware or system files of certain Schneider Electric devices, specifically the EasyLogic T150 and Saitel DP Remote Terminal Unit & Controller products.

If an attacker gains access to these credentials, they could potentially use them to compromise the device, especially if they have physical access to it. This vulnerability arises because the credentials are not adequately protected, making unauthorized access possible.

Compliance Impact

This vulnerability involves insufficiently protected credentials that could lead to unauthorized access and exposure of sensitive information stored within firmware or system files. Such exposure of sensitive data can potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access.

If an attacker gains physical access and exploits this vulnerability, it could result in a breach of confidentiality, which is a critical requirement under these standards. Organizations using the affected Schneider Electric products should apply the provided patches and follow recommended cybersecurity best practices to mitigate the risk and maintain compliance.

Impact Analysis

This vulnerability can lead to unauthorized access and exposure of sensitive information stored in the device's firmware or system files. An attacker who obtains these credentials could compromise the affected device, potentially disrupting its operation or gaining control over it.

Since the vulnerability requires physical access to the device for full exploitation, the risk is higher in environments where physical security is weak. Compromise of these devices could affect critical control systems, leading to operational disruptions or security breaches.

Detection Guidance

This vulnerability affects specific Schneider Electric products: EasyLogic T150 (versions 11.06.30 and prior) and Saitel DP (versions 11.06.35 and prior). Detection involves identifying if these vulnerable firmware versions are in use.

To detect the vulnerability on your system, check the firmware version of the affected devices. Commands or methods to query firmware versions depend on the device interface, but typically involve accessing the device management console or using vendor-specific tools.

Since the vulnerability involves credentials stored in firmware or system files, monitoring for unauthorized access attempts or unusual access to these files may also help detect exploitation attempts.

No specific commands are provided in the available resources for detection.

Mitigation Strategies

The primary mitigation step is to update the firmware of affected devices to the fixed versions released by Schneider Electric: version 11.06.32 for EasyLogic T150 and version 11.06.38 for Saitel DP.

Customers should contact Schneider Electric’s Customer Care Center to download and apply these patches. Applying the update requires a system reboot.

It is recommended to follow proper patching methodologies, including taking backups and testing the updates in a development environment before deploying them in production.

  • Isolate control systems behind firewalls.
  • Implement physical access controls to prevent unauthorized physical access to devices.
  • Ensure secure remote access methods such as VPNs are used.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9650. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart