This vulnerability (CVE-2026-4827) involves insufficient entropy in the session management of Schneider Electric Easergy MiCOM C264 devices. Insufficient entropy can weaken cryptographic protections, making session tokens or keys more predictable and vulnerable to attack. An attacker on the same network could exploit this weakness to bypass session management controls and gain unauthorized access to the device. The affected versions include all D6.x versions and D7.33 and earlier. The CVSS 4.0 score of 8.7 reflects network attack vector, low attack complexity, no privileges required, user interaction needed, and high impact on confidentiality and integrity. No official remediation or patch has been announced by Schneider Electric as of the publication date.

Successful exploitation could lead to unauthorized access to the affected Schneider Electric Easergy MiCOM C264 devices by compromising session management protections. This may result in exposure or manipulation of sensitive device functions or data. The high CVSS score indicates a serious impact on confidentiality and integrity. However, no known exploits are currently reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level has been provided by Schneider Electric, users should monitor vendor communications for updates. Until a patch is available, limiting network exposure of affected devices and restricting access to trusted users may reduce risk.