Schneider Electric's widely deployed MiCOM Px40 protection relays ship with hard-coded SNMP credentials — and patches are only now arriving.
The vulnerability, tracked as CVE-2026-4832, affects more than a dozen MiCOM Px40 sub-models used in medium-, high-, and extra-high-voltage grid protection worldwide. An unauthenticated attacker who can reach the SNMP port can query basic device identification data without any credentials of their own — because the credentials are already baked into the firmware. Schneider Electric's own product security team reported the issue to CISA. Firmware updates that close the hole are available for all listed models, with version designators varying by product line.
Hard-coded credentials in industrial control hardware are a chronic problem, not an isolated slip — and this one sits inside gear that guards the high-voltage infrastructure powering hospitals, transit systems, and factories. A CVSS score of 5.3 sounds mild, but device identification data in the wrong hands helps attackers map a target network before a more damaging move. The exposure is network-accessible with no authentication required and no user interaction needed.
For operators who cannot patch immediately, CISA and Schneider Electric recommend isolating the relays behind firewalls, blocking direct internet access, and tunneling any remote access through a VPN — advice that is entirely standard and entirely worth ignoring until something goes wrong.