CVE-2026-6866

EUVD-2026-29484
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
schneider-electricecostruxure_panel_server_pas400_firmware
𝑥
< 002.006.000
schneider-electricecostruxure_panel_server_pas600_firmware
𝑥
< 002.006.000
schneider-electricecostruxure_panel_server_pas600v2_firmware
𝑥
< 002.006.000
schneider-electricecostruxure_panel_server_pas800_firmware
𝑥
< 002.006.000
schneider-electricecostruxure_panel_server_pas800v2_firmware
𝑥
< 002.006.000
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-04.pdf