CVE-2026-9651 | CWE-732 Incorrect Permission Assignment for Critical Resourc… | CVSS 6.7 MEDIUM

Description

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files.

Metadata

CVE ID: CVE-2026-9651
State: PUBLISHED
Assigner: schneider
Reserved: 2026-05-26 19:45 UTC
Published: 2026-06-25 14:47 UTC
Last updated: 2026-06-25 15:49 UTC
Primary CWE: CWE-732
CWE-732 Incorrect Permission Assignment for Critical Resourc…
Vendor / Product: Schneider Electric / EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller
Sources: cve.org · NVD

Severity & Metrics

6.7 MEDIUM CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
Schneider Electric	EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller	—	Version 11.06.31 and prior
Schneider Electric	Saitel DP Remote Terminal Unit & Controller	—	Version 11.06.37 and prior

Weakness (CWE)

CWE	Source	Description
CWE-732	cna	CWE-732 Incorrect Permission Assignment for Critical Resource

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.7	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References (1)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf