Critical

Schneider Electric Easergy MiCOM Px40 Series

All CISA Advisories

Overview

Schneider Electric has reported a vulnerability affecting its Easergy MiCOM Px40 Series protection relays, which are used in medium to extra high voltage applications. The vulnerability allows unauthorized exposure of device identification through the SNMP protocol, impacting various models including the Easergy MiCOM P14x, P24x, P341, and several others, all prior to specific firmware versions. This issue raises concerns for critical infrastructure sectors such as energy and manufacturing, as it could lead to unauthorized access to sensitive device information. Users are advised to implement immediate mitigations or upgrade to firmware versions that eliminate SNMP functionality to protect their systems. This situation is particularly pressing for organizations relying on these devices for operational safety and security.

Key Takeaways

  • Affected Systems: Affected products include Easergy MiCOM P14x (all versions prior to B4A), P24x (all versions prior to D3A), P341 (all versions prior to E3F), P342, P343, P344, P345 (all versions prior to B3F), P442, P444 (all versions prior to E3A), P443, P445, P446, P543, P544, P545, P546 (all versions prior to H6A), P841 (all versions prior to G6A), P643 (all versions prior to B3F), P642, P645 (all versions prior to B4A), P741, P742, P743 (all versions prior to B2A), P746 (all versions prior to B4E and C4E), P849 (all versions prior to B4A).
  • Action Required: Customers should upgrade to firmware versions that do not include SNMP functionality.
  • Timeline: Disclosed on October 2023

Original Article Summary

View CSAF Summary Schneider Electric is aware of a vulnerability in its Easergy MiCOM Px40 Series products. The [Easergy MiCOM Px40](https://www.se.com/ww/en/product-subcategory/4725-easergy-micom-px40-series/?filter=business-6-medium-voltage-distribution-and-grid-automation) is a protection relay series for Medium Voltage, High Voltage and Extra High Voltage protection. Failure to apply the mitigations provided below may risk unauthorized exposure of basic device identification through the SNMP protocol. The following versions of Schneider Electric Easergy MiCOM Px40 Series are affected: Easergy MiCOM P14x All versions prior to B4A Easergy MiCOM P24x All versions prior to D3A Easergy MiCOM P341 All versions prior to E3F Easergy MiCOM P342, P343, P344, P345 All versions prior to B3F Easergy MiCOM P442, P444 All versions prior to E3A Easergy MiCOM P443, P445, P446, P543, P544, P545, P546 All versions prior to H6A Easergy MiCOM P841 All versions prior to G6A Easergy MiCOM P643 All versions prior to B3F Easergy MiCOM P642, P645 All versions prior to B4A Easergy MiCOM P741, P742, P743 All versions prior to B2A Easergy MiCOM P746 All versions prior to B4E Easergy MiCOM P746 All versions prior to C4E Easergy MiCOM P849 All versions prior to B4A CVSS Vendor Equipment Vulnerabilities v3 5.3 Schneider Electric Schneider Electric Easergy MiCOM Px40 Series Use of Hard-coded Credentials Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-4832 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. View CVE Details Affected Products Schneider Electric Easergy MiCOM Px40 Series Vendor: Schneider Electric Product Version: Easergy MiCOM P14x All versions prior to B4A, Easergy MiCOM P24x All versions prior to D3A, Easergy MiCOM P341 All versions prior to E3F, Easergy MiCOM P342, P343, P344, P345 All versions prior to B3F, Easergy MiCOM P442 P444 All versions prior to E3A, Easergy MiCOM P443, P445, P446, P543, P544, P545, P546 All versions prior to H6A, Easergy MiCOM P841 All versions prior to G6A, Easergy MiCOM P643 All versions prior to B3F, Easergy MiCOM P642, P645 All versions prior to B4A, Easergy MiCOM P741, P742, P743 All versions prior to B2A, Easergy MiCOM P746 All versions prior to B4E, Easergy MiCOM P746 All versions prior to C4E, Easergy MiCOM P849 All versions prior to B4A Product Status: known_affected Remediations Mitigation For customers who do not require SNMP Contact Schneider Electric's [Customer Care Center](https://www.se.com/ww/en/work/support/contacts.jsp) to upgrade the Firmware to a version without SNMP functionality. If customers choose not to apply the upgrade provided above, they should immediately apply the following mitigations to reduce the risk of exploit: * Use relays only in a protected network environment, * Use firewalls to protect and separate the control system network from other networks, * Use VPN (Virtual Private Networks) tunnels if remote access is required. For customers who require SNMP Please immediately apply the following mitigations to reduce the risk of exploit: * Use relays only in a protected network environment, * Use firewalls to protect and separate the control system network from other networks, * Use VPN (Virtual Private Networks) tunnels if remote access is required. Relevant CWE: CWE-798 Use of Hard-coded Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Acknowledgments Schneider Electric CPCERT reported this vulnerability to CISA. General Security Recommendations We strongly recommend the following industry cybersecurity best practices. * Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. * Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. * Place all controllers in locked cabinets and never leave them in the “Program” mode. * Never connect programming software to any network other than the network intended for that device. * Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. * Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. * Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. For more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document. For More Information This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process. For further information related to cybersecurity in Schneider Electric's products, visit the company's cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp LEGAL DISCLAIMER THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION About Schneider Electric Schneider's purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On. Our mission is to be the trusted partner in Sustainability and Efficiency. We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers. We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all. www.se.com Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. Advisory Conversion Disclaimer This ICSA is a verbatim republication of Schneider Electric CPCERT SEVD-2026-104-03 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric CPCERT directly for any questions regarding this advisory. Revision History Initial Release Date: 2026-04-14 Date Revision Summary 2026-04-14 1 Original Release 2026-05-12 2 Updated the risk associated with successful exploitation of this vulnerability and revised the remediation table to a mitigation table to emphasize that multiple mitigation options are available. 2026-07-09 3 Initial CISA Republication of Schneider Electric CPCERT SEVD-2026-104-03 advisory Legal Notice and Terms of Use

Impact

Affected products include Easergy MiCOM P14x (all versions prior to B4A), P24x (all versions prior to D3A), P341 (all versions prior to E3F), P342, P343, P344, P345 (all versions prior to B3F), P442, P444 (all versions prior to E3A), P443, P445, P446, P543, P544, P545, P546 (all versions prior to H6A), P841 (all versions prior to G6A), P643 (all versions prior to B3F), P642, P645 (all versions prior to B4A), P741, P742, P743 (all versions prior to B2A), P746 (all versions prior to B4E and C4E), P849 (all versions prior to B4A).

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Disclosed on October 2023

Remediation

Customers should upgrade to firmware versions that do not include SNMP functionality. If an upgrade is not possible, they should implement the following mitigations: use relays in a protected network environment, employ firewalls to separate the control system network from other networks, and utilize VPN tunnels for remote access.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Exploit, Vulnerability, and 2 more.

Related Coverage

Forgotten Bootloaders Expose Secure Boot Blind Spot

darkreading

Researchers have discovered that nearly a dozen UEFI shim bootloaders, which were deemed vulnerable and subsequently revoked, remained trusted for years. This oversight allowed attackers an opportunity to bypass the Secure Boot feature designed to protect systems from unauthorized software. The situation raises significant security concerns, particularly for users and organizations relying on Secure Boot to safeguard their devices. The affected bootloaders could have been exploited to run malicious code, potentially compromising the integrity of the systems. As this issue has persisted for some time, it highlights the need for better management of trusted software components in the boot process.

Jul 15, 2026

Europe built the world's strongest privacy law. WhatsApp just found the gap it doesn't cover.

SCM feed for Latest

A recent discussion around WhatsApp's use of usernames has raised concerns about privacy and identity verification. While usernames can enhance user privacy by allowing individuals to avoid sharing phone numbers, they also create a loophole that could be exploited for fraud. This change in how users identify themselves on the platform could make it easier for scammers to impersonate others, leading to increased risks for users. As WhatsApp continues to navigate these privacy features, the balance between protecting user identity and ensuring security is becoming more complicated. This situation is particularly relevant given the strong privacy laws in Europe that WhatsApp must comply with.

Jul 15, 2026

SonicWall customers under threat as attackers exploit 2 zero-days

CyberScoop

SonicWall customers are currently facing significant risks as attackers exploit two critical zero-day vulnerabilities. Researchers revealed that these flaws were actively targeted by hackers three weeks prior to SonicWall's disclosure and patching efforts. This means that many users may still be vulnerable to attacks if they haven't updated their systems. The exploitation of these vulnerabilities could lead to unauthorized access to sensitive information and compromise network security. It's crucial for organizations using SonicWall products to take immediate action to secure their systems against these threats.

Jul 15, 2026

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

The Hacker News

Cybersecurity researchers have identified a new Internet-of-Things (IoT) botnet framework called TuxBot v3 Evolution. This botnet appears to have been developed with some assistance from a large language model (LLM), although the results have not been entirely successful. Notably, when the developers prompted the AI to generate botnet code, it included a safety disclaimer that the developers did not remove. This incident raises concerns about the potential misuse of AI in creating malicious software. As IoT devices become more prevalent, any vulnerabilities or botnets that target them could impact a wide range of users and systems, making it crucial for manufacturers and users to enhance their security measures.

Jul 15, 2026

Dems press DNI nominee Jay Clayton on election security questions, but leave dismayed

CyberScoop

During a recent confirmation hearing for Jay Clayton, the nominee for Director of National Intelligence (DNI), Democratic senators pressed him on various election security issues. Clayton denied being an 'election denier' but avoided giving direct answers to questions regarding the 2020 presidential election, his predecessor's involvement in a January raid on an election office, and broader election integrity concerns. This lack of clarity has left some senators feeling frustrated, as they sought assurances on the protection of future elections from interference and disinformation. The situation raises ongoing concerns about the federal government's commitment to safeguarding the electoral process, especially as the next elections approach. Ensuring election security is crucial for maintaining public trust in democratic institutions.

Jul 15, 2026

Is 'Tech-xit' Imminent? UK Steps Up Sovereignty Push Amid AI Strife

darkreading

The recent restrictions imposed by the US government on AI companies like Anthropic and OpenAI have sparked significant discussions in the UK and elsewhere about reducing dependence on American technology firms. This push for greater technological sovereignty comes as countries assess the implications of relying on foreign companies for critical AI capabilities. The situation raises concerns about data security and national interests, as countries may seek to develop their own AI models to safeguard against potential vulnerabilities and geopolitical risks. The call for sovereignty is not just about technology but also about ensuring that nations can protect their data and maintain control over their digital futures. As this dialogue progresses, it could lead to shifts in how AI technologies are developed and deployed globally.

Jul 15, 2026