PatchSiren

CVE-2026-6866 Schneider Electric CVE debrief

CVE-2026-6866 is a CWE-1188 (Initialization of a Resource with an Insecure Default) vulnerability in Schneider Electric's EcoStruxure Panel Server. The vulnerability has a CVSS v4.0 Base Score of 7.5 and could cause unauthorized disclosure of sensitive information when credentials revert to initial settings. It affects multiple EcoStruxure Panel Server products, including PAS800, PAS800V2, PAS600, PAS600V2, and PAS400. Schneider Electric has released patches for this vulnerability, which can be downloaded from their website.

Vendor: Schneider Electric
Product: EcoStruxure Panel Server PAS800
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-06-09
Advisory published: 2026-05-12
Advisory updated: 2026-06-09

Who should care

Organizations using Schneider Electric's EcoStruxure Panel Server, particularly those in industrial control systems (ICS) environments, should be aware of this vulnerability. The vulnerability's high CVSS score and potential impact on sensitive information disclosure make it a priority for defenders to assess their inventory and apply patches or mitigations as needed.

Technical summary

The CWE-1188 (Initialization of a Resource with an Insecure Default) vulnerability in Schneider Electric's EcoStruxure Panel Server could allow unauthorized authentication using known credentials. The vulnerability has a CVSS v4.0 Base Score of 7.5 and is considered high-severity. Multiple products are affected, including PAS800, PAS800V2, PAS600, PAS600V2, and PAS400. Schneider Electric has released patches for this vulnerability; applying them means updating to version 002.006.000 or later.

Defensive priority

Defenders should prioritize patching affected EcoStruxure Panel Server systems, as the vulnerability has a high CVSS score and could lead to unauthorized disclosure of sensitive information. Additionally, defenders should review their inventory to ensure all affected products are identified and patched.

Recommended defensive actions

  • Apply patches for affected EcoStruxure Panel Server systems
  • Review inventory to ensure all affected products are identified
  • Implement compensating controls, such as network segmentation and access controls
  • Monitor for suspicious activity related to the vulnerability
  • Consider implementing additional security measures, such as multi-factor authentication
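
One way to carry out the inventory review and patch triage from the list above, as an added example that is not part of the original debrief or any Schneider Electric tooling. It assumes the fixed version 002.006.000 applies to every listed model and that the asset inventory is available as CSV; the column names and sample rows are constructed.

```python
import csv
import io

# Values taken from the debrief text above.
AFFECTED_MODELS = {"PAS800", "PAS800V2", "PAS600", "PAS600V2", "PAS400"}
FIXED_VERSION = "002.006.000"

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """asset,model,firmware
panel-a,PAS800,002.005.001
panel-b,PAS600V2,002.006.000
panel-c,pas400,2.4.0
panel-d,PAS800V2,unknown
meter-e,OTHER100,001.000.000
panel-f,PAS600,002.010.000
"""


def parse_version(text):
    """Turn '002.006.000' or '2.6.0' into (2, 6, 0); None if unparseable."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Return {asset: status} for each row whose model is in AFFECTED_MODELS."""
    fixed = parse_version(FIXED_VERSION)
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() not in AFFECTED_MODELS:
            continue  # not a product named in the debrief
        version = parse_version(row["firmware"])
        if version is None:
            # Unknown firmware cannot be cleared; flag it for manual checking.
            results[row["asset"]] = "verify"
        elif version < fixed:
            results[row["asset"]] = "patch"
        else:
            results[row["asset"]] = "ok"
    return results


if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Versions are compared as integer tuples rather than strings so that inventories recording firmware without zero padding are still ordered correctly.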

Evidence notes

The CVE-2026-6866 vulnerability is documented in the CISA CSAF file and Schneider Electric's security advisories. The vulnerability has a CVSS v4.0 Base Score of 7.5 and is considered high-severity. Multiple products are affected, including PAS800, PAS800V2, PAS600, PAS600V2, and PAS400.

This article was generated with AI assistance based on the supplied source corpus.