{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4832", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2026-03-25T14:13:10.490Z", "datePublished": "2026-04-14T15:05:00.845Z", "dateUpdated": "2026-04-14T18:16:06.726Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2026-04-14T15:17:08.719Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-Coded Credentials", "type": "CWE"}]}], "affected": [{"vendor": "Schneider Electric", "product": "Easergy MiCOM P14x", "versions": [{"status": "affected", "version": "All versions prior to B4A"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P24x", "versions": [{"status": "affected", "version": "All versions prior to D3A"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P341", "versions": [{"status": "affected", "version": "All versions prior to E3F"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P342, P343, P344, P345", "versions": [{"status": "affected", "version": "All versions prior to B3F"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P442, P444", "versions": [{"status": "affected", "version": "All versions prior to E3A"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P443, P445, P446, P543, P544, P545, P546", "versions": [{"status": "affected", "version": "All versions prior to H6A"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P642, P645", "versions": [{"status": "affected", "version": "All versions prior to B4A"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P643", "versions": [{"status": "affected", "version": "All versions prior to B3F"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P741, P742, P743", "versions": [{"status": "affected", "version": "All versions prior to B2A"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P746", "versions": [{"status": "affected", "version": "All versions prior to B4E or C4E"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P841", "versions": [{"status": "affected", "version": "All versions prior to G6A"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Easergy MiCOM P849", "versions": [{"status": "affected", "version": "All versions prior to B4A"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port."}]}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-03.pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T18:15:51.123382Z", "id": "CVE-2026-4832", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T18:16:06.726Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port."}], "id": "CVE-2026-4832", "lastModified": "2026-04-14T16:16:48.167", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2026-04-14T16:16:48.167", "references": [{"source": "cybersecurity@se.com", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-03.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "cybersecurity@se.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-14T16:24:02.758082+00:00", "value": {"mitigation_remediation": ["Update the device firmware to a version that removes or amends the hard\u2011coded SNMP credentials.", "Disable or lock the SNMP service if it is not required.", "Configure SNMP access control lists to restrict queries to trusted IP addresses.", "Change any manually configured SNMP communities or passwords to unique, strong values.", "Verify the update with the vendor\u2019s release notes and test functionality after applying the patch."], "summary": {"action": "Apply Patch", "impact": "Unauthorized access to sensitive device information"}, "threat_synthesis": {"affected_systems": "Schneider Electric Easergy MiCOM series, including models P14x, P24x, P341\u2011P345, P442\u2011P446, P543\u2011P546, P642, P643, P645, P741\u2011P743, P746, P841, and P849. Versions are not enumerated in the advisory, so all firmware builds shipped with hard\u2011coded SNMP credentials are potentially affected.", "description_and_impact": "A hard\u2011coded credential flaw allows an attacker who can query the SNMP interface to impersonate an authorized user and read or modify sensitive configuration and status data. The flaw is a classic case of hard\u2011coded passwords (CWE\u2011798) and enables non\u2011authenticated access to device information.", "risk_and_exploitability": "The CVSS base score of 6.9 indicates moderate to high severity. No exploit probability score (EPSS) is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote access to the SNMP port; a remote attacker can connect from any network that can reach the device and without prior authentication exploit the hard\u2011coded credentials to read device data."}}}}, "created": "2026-04-14T16:30:23.434968+00:00", "title": "Hard\u2011coded SNMP Credentials Enable Unauthorized Device Access", "updated": "2026-04-14T16:30:23.434992+00:00", "vendors": []}