CVE-2026-9650 | CWE-522 Insufficiently Protected Credentials vulnerability t… | CVSS 8.7 HIGH

Description

CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device.

Metadata

CVE ID: CVE-2026-9650
State: PUBLISHED
Assigner: schneider
Reserved: 2026-05-26 19:45 UTC
Published: 2026-06-25 14:44 UTC
Last updated: 2026-06-25 15:49 UTC
Primary CWE: CWE-522
CWE-522 Insufficiently Protected Credentials
Vendor / Product: Schneider Electric / EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller
Sources: cve.org · NVD

Severity & Metrics

8.7 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
Schneider Electric	EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller	—	Version 11.06.30 and prior
Schneider Electric	Saitel DP Remote Terminal Unit & Controller	—	Version 11.06.35 and prior

Weakness (CWE)

CWE	Source	Description
CWE-522	cna	CWE-522 Insufficiently Protected Credentials

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References (1)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf