Use of Hard-coded Credentials vulnerability on Easergy MiCOM Px40 Series
MonitorCVSS 5.3SEVD-2026-104-03Apr 14, 2026
Schneider ElectricEnergy
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Hard-coded credentials exist in Easergy MiCOM Px40 series protection relays that allow unauthorized access to the device and exposure of sensitive configuration and operational data. The vulnerability affects multiple models across the P1xx, P2xx, P3xx, P4xx, P5xx, P6xx, P7xx, and P8xx lines. All affected models have vendor-supplied firmware fixes available.
What this means
What could happen
An attacker with network access to an Easergy MiCOM protection relay could use hard-coded credentials to log in and read sensitive device configuration and operational data. This could reveal critical information about your power system protection setup, but does not directly enable changes to relay settings or control actions.
Who's at risk
Electrical utilities operating Easergy MiCOM Px40 series protection relays should apply firmware updates. These relays protect medium voltage, high voltage, and extra high voltage distribution and transmission systems. Affected models include P14x, P24x, P341–P345, P442–P445, P543–P546, P642–P645, P741–P743, P746, P841, and P849 series.
How it could be exploited
An attacker on your network (or with remote access to the relay) connects to the management interface and authenticates using hard-coded credentials embedded in the firmware. Once authenticated, the attacker can retrieve and read sensitive data stored on the relay, including configuration details and device information.
Prerequisites
- Network access to the relay's management interface (typically port 502 or web interface)
- No valid user credentials required—attacker uses hard-coded credentials built into the firmware
remotely exploitableno authentication required (hard-coded credentials)low complexityaffects critical protection relay infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (13)
13 with fix
ProductAffected VersionsFix Status
Easergy MiCOM P14x All< B4AB4A
Easergy MiCOM P24x All< D3AD3A
Easergy MiCOM P341 All< E3FE3F
Easergy MiCOM P342, P343, P344, P345 All< B3FB3F
Easergy MiCOM P442 P444 All< E3AE3A
Easergy MiCOM P443, P445, P446, P543, P544, P545, P546 All< H6AH6A
Easergy MiCOM P841 All< G6AG6A
Easergy MiCOM P643 All< B3FB3F
Remediation & Mitigation
0/13
Do now
0/1WORKAROUNDRestrict network access to the relay's management interface to authorized engineering workstations and control center systems only using firewall rules or network segmentation
Schedule — requires maintenance window
0/12Patching may require device reboot — plan for process interruption
HOTFIXUpdate MiCOM P14x to firmware version B4A or later
HOTFIXUpdate MiCOM P24x to firmware version D3A or later
HOTFIXUpdate MiCOM P341 to firmware version E3F or later
HOTFIXUpdate MiCOM P342, P343, P344, P345 to firmware version B3F or later
HOTFIXUpdate MiCOM P442, P444 to firmware version E3A or later
HOTFIXUpdate MiCOM P443, P445, P446, P543, P544, P545, P546 to firmware version H6A or later
HOTFIXUpdate MiCOM P841 to firmware version G6A or later
HOTFIXUpdate MiCOM P643 to firmware version B3F or later
HOTFIXUpdate MiCOM P642, P645 to firmware version B4A or later
HOTFIXUpdate MiCOM P741, P742, P743 to firmware version B2A or later
HOTFIXUpdate MiCOM P746 to firmware version B4E or C4E or later
HOTFIXUpdate MiCOM P849 to firmware version B4A or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/98b48091-efa6-407f-9239-a007c12980a2Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.