CVE-2026-9651
Summary
| CVE | CVE-2026-9651 |
|---|---|
| State | PUBLISHED |
| Assigner | schneider |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-25 16:16:43 UTC |
| Updated | 2026-07-14 16:00:32 UTC |
| Description | CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files. |
Risk And Classification
Primary CVSS: v4.0 6.7 MEDIUM from [email protected]
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.001060000 probability, percentile 0.013090000 (date 2026-07-14)
Problem Types: CWE-732 | CWE-732 CWE-732 Incorrect Permission Assignment for Critical Resource
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 6.7 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 6.7 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| 3.1 | [email protected] | Primary | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
CVSS v4.0 Breakdown
Attack Vector
LocalAttack Complexity
LowAttack Requirements
NonePrivileges Required
HighUser Interaction
NoneConfidentiality
HighIntegrity
NoneAvailability
NoneSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
HighUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Schneider-electric | Easylogic T150 | - | All | All | All |
| Operating System | Schneider-electric | Easylogic T150 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Saitel Dp | - | All | All | All |
| Operating System | Schneider-electric | Saitel Dp Firmware | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Schneider Electric | EasyLogic T150 Formerly Saitel DR Remote Terminal Unit Controller | affected Version 11.06.31 and prior | Not specified |
| CNA | Schneider Electric | Saitel DP Remote Terminal Unit Controller | affected Version 11.06.37 and prior | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| download.schneider-electric.com/files | [email protected] | download.schneider-electric.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.