Schneider Electric EcoStruxure Panel Server Authentication Bypass Vulnerability
Schneider Electric disclosed a vulnerability in multiple versions of its EcoStruxure Panel Server gateway devices that could allow unauthorized authentication through the reversion of credentials to insecure defaults. The flaw affects PAS800, PAS800V2, PAS600, PAS600V2, and PAS400 models running versions up to 002.005.000 or 002.006.000. Schneider Electric has released firmware version 002.006.000 as a fix; deploying it requires a device reboot.
Why it matters in Western Canada: EcoStruxure Panel Server devices are commonly deployed in energy infrastructure, critical manufacturing, and industrial control systems across Western Canadian organizations. The authentication bypass could expose sensitive operational data and allow unauthorized system access in high-consequence sectors.
CVEs: CVE-2026-6866
Summary generated from the original advisory. Read the full source: cisa-advisories
- Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-160-03
- CVEs: CVE-2026-6866
- Tags: industrial-control, authentication-bypass, schneider-electric, gateway-device, firmware-update
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)