CVE-2026-9650
Received Received - Intake
Insufficiently Protected Credentials in Firmware

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Schneider Electric SE

Description
CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-9650
EUVD
EUVD-2026-39430
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
schneider_electric easylogic_t150 to 11.06.30 (exc)
schneider_electric saitel_dp to 11.06.35 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9650 is a vulnerability classified as CWE-522, which means it involves insufficiently protected credentials. This flaw allows an unauthenticated attacker to access credentials stored within the firmware or system files of certain Schneider Electric devices, specifically the EasyLogic T150 and Saitel DP Remote Terminal Unit & Controller products.

If an attacker gains access to these credentials, they could potentially use them to compromise the device, especially if they have physical access to it. This vulnerability arises because the credentials are not adequately protected, making unauthorized access possible.

Impact Analysis

This vulnerability can lead to unauthorized access and exposure of sensitive information stored in the device's firmware or system files. An attacker who obtains these credentials could compromise the affected device, potentially disrupting its operation or gaining control over it.

Since the vulnerability requires physical access to the device for full exploitation, the risk is higher in environments where physical security is weak. Compromise of these devices could affect critical control systems, leading to operational disruptions or security breaches.

Detection Guidance

This vulnerability affects specific Schneider Electric products: EasyLogic T150 (versions 11.06.30 and prior) and Saitel DP (versions 11.06.35 and prior). Detection involves identifying if these vulnerable firmware versions are in use.

To detect the vulnerability on your system, check the firmware version of the affected devices. Commands or methods to query firmware versions depend on the device interface, but typically involve accessing the device management console or using vendor-specific tools.

Since the vulnerability involves credentials stored in firmware or system files, monitoring for unauthorized access attempts or unusual access to these files may also help detect exploitation attempts.

No specific commands are provided in the available resources for detection.

Mitigation Strategies

The primary mitigation step is to update the firmware of affected devices to the fixed versions released by Schneider Electric: version 11.06.32 for EasyLogic T150 and version 11.06.38 for Saitel DP.

Customers should contact Schneider Electric’s Customer Care Center to download and apply these patches. Applying the update requires a system reboot.

It is recommended to follow proper patching methodologies, including taking backups and testing the updates in a development environment before deploying them in production.

  • Isolate control systems behind firewalls.
  • Implement physical access controls to prevent unauthorized physical access to devices.
  • Ensure secure remote access methods such as VPNs are used.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9650. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart