Zero Day MonitorZDM

← Back to list

—

CVE-2026-4832EXPLOITED

schneider electric · easergy micom p14x

CVE-2026-4832: CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device info

Description

CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.

Affected Products

Vendor	Product	Versions
schneider electric	easergy micom p14x	All versions prior to B4A, All versions prior to D3A, All versions prior to E3F, All versions prior to B3F, All versions prior to E3A, All versions prior to H6A, All versions prior to B4A, All versions prior to B3F, All versions prior to B2A, All versions prior to B4E or C4E, All versions prior to G6A, All versions prior to B4A

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-03.pdf

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-4832 | Schneider Electric Easergy MiCOM P849 SNMP hard-coded credentials (SEVD-2026-104-03)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-798

PublishedApr 14, 2026

Last enriched5h agov2

Trending Score49

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-2402EXP

CVE-2026-2402: CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to g

NONECVE-2026-2403EXP

CVE-2026-2403: CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log tru

NONECVE-2026-2405EXP

CVE-2026-2405: CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creat

HIGHCVE-2026-2404

CVE-2026-2404: CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when

CRITICALCVE-2026-2399

CVE-2026-2399: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could ca

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: description, affectedVersions, severity, activelyExploited

Apr 14, 2026

Actively Exploited

Apr 14, 2026

Version History

v2

Last enriched 5h ago

v2Tier C5h ago

Updated severity to CRITICAL, added new affected products and versions, and corrected exploit availability status.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v16h ago

Initial creation