Serial number: AV26-449
Date: May 12, 2026
On May 12, 2026, Schneider Electric published advisories to address vulnerabilities in the following products:
- Ecostruxure Machine Expert HVAC – versions prior to 1.10.0
- Easergy MiCOM C264 – version D6.x and version D7.33 and prior
- Easergy C5 – version 1.1.17 and prior
- Easergy MiCOM P30 – multiple versions and models
- Easergy MiCOM P40 – multiple versions and models
- EcoStruxure Power Automation System – multiple versions and models
- iPMFLS – version 64.2025.0.13 and prior
- PowerLogic – multiple versions and models
- Saitel DP – version 11.06.36 and prior
- EasyLogic T150 (formerly Saitel DR) – version 11.06.30 and prior
- EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit and Controller – version 11.06.31 and prior
- Saitel DP Remote Terminal Unit and Controller – version 11.06.36 and prior
- EcoStruxure Panel Server PAS400, PAS600, PAS600V2, PAS800, PAS800V2 – version 002.005.000 and prior
- Easergy MiCOM Px40 Series – multiple versions and models
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.
- Clear Text Storage of Sensitive Information on EcoStruxure Machine Expert HVAC (PDF)
- Insufficient Entropy vulnerability on Multiple Products (PDF)
- Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products (PDF)
- Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure Panel Server (PDF)
- Schneider Electric Security Notifications