<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Easergy MiCOM P442 (All Versions Prior to E3A) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/easergy-micom-p442-all-versions-prior-to-e3a/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 09 Jul 2026 15:59:04 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/easergy-micom-p442-all-versions-prior-to-e3a/feed.xml" rel="self" type="application/rss+xml"/><item><title>Schneider Electric Easergy MiCOM Px40 Series Information Disclosure via Hard-coded Credentials (CVE-2026-4832)</title><link>https://feed.craftedsignal.io/briefs/2026-07-schneider-electric-easergy-micom-px40-cve-2026-4832/</link><pubDate>Thu, 09 Jul 2026 15:59:04 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-schneider-electric-easergy-micom-px40-cve-2026-4832/</guid><description>Schneider Electric Easergy MiCOM Px40 Series products are vulnerable to CVE-2026-4832, a hard-coded credentials flaw (CWE-798) that allows unauthenticated attackers to interrogate the SNMP port and expose basic device identification information from critical manufacturing, energy, and transportation systems assets globally.</description><content:encoded><![CDATA[<p>Schneider Electric has identified a vulnerability, CVE-2026-4832, affecting its Easergy MiCOM Px40 Series protection relays. This flaw stems from the use of hard-coded credentials, exposing basic device identification information through the SNMP protocol. This vulnerability impacts various models including P14x (prior to B4A), P24x (prior to D3A), P34x, P44x, P54x, P64x, P74x, and P84x series, which are deployed worldwide in critical infrastructure sectors such as Critical Manufacturing, Energy, and Transportation Systems. An unauthenticated attacker can exploit this weakness by interrogating the SNMP port, potentially gaining insights into network topology and device specifics. The advisory, published on July 9, 2026, highlights the importance of immediate mitigation to prevent unauthorized information exposure.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker gains network access to a Schneider Electric Easergy MiCOM Px40 Series device, typically by being on the same network segment or via compromised network infrastructure.</li>
<li>The attacker targets the device's SNMP port (UDP 161) to initiate communication.</li>
<li>The attacker sends SNMP Get or GetNext requests to the device.</li>
<li>Due to the hard-coded credentials (CWE-798), the device responds to these unauthenticated requests or requests made with commonly known or easily guessable community strings.</li>
<li>The device's SNMP agent discloses basic device identification information, such as system description, device name, and other configuration data.</li>
<li>This information exposure can aid the attacker in further reconnaissance and potentially lead to more targeted attacks against the critical infrastructure systems.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-4832 leads to unauthorized exposure of basic device identification information. While not directly resulting in remote code execution or denial of service, this information disclosure provides attackers with valuable reconnaissance data about critical infrastructure assets. The Easergy MiCOM Px40 Series is widely deployed globally in Critical Manufacturing, Energy, and Transportation Systems sectors. Such details can be leveraged to map network topologies, identify specific device models and firmware versions, and plan more sophisticated attacks, increasing the risk to operational technology environments.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>For Easergy MiCOM Px40 Series devices where SNMP functionality is not required, contact Schneider Electric's Customer Care Center to upgrade firmware to a version without SNMP functionality, addressing CVE-2026-4832.</li>
<li>If SNMP is required, ensure devices are only used within a protected network environment, isolated from business networks, as outlined in the CISA advisory.</li>
<li>Deploy firewalls to protect and separate control system networks from other networks to restrict access to SNMP ports of affected devices.</li>
<li>For any remote access to affected devices, implement secure Virtual Private Networks (VPNs) and ensure VPNs are updated to the most current versions, as suggested by the CISA advisory.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>ics</category><category>ot</category><category>scada</category><category>vulnerability</category><category>schneider-electric</category><category>snmp</category><category>cve-2026-4832</category><category>information-disclosure</category></item></channel></rss>