CVE-2026-9651
CWE-732Published: June 25, 2026· Updated: Jun 25, 2026
Official Description
CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files.
Technical Analysis
CVE-2026-9651 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires high privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
News & Research Mentioning CVE-2026-9651
View CSAF Summary Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files. The following versions of Schneider Electric EasyLogic T150 and Saitel DP RTU are affected: EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.30 (CVE-2026-9650) EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller <=11.06.31 (CVE-2026-9651) Saitel DP Remote Terminal Unit & Controller <=11.06.35 (CVE-2026-9650) Saitel DP Remote Terminal Unit & Controller <=11.06.37 (CVE-2026-9651) CVSS Vendor Equipment Vulnerabilities v3 7.5 Schneider Electric Schneider Electri [xlite_meta score:79 src:CISA Alerts xlite_fp:803b0fd8f963a9cd3d47c275df516b80ee32593ea17e8fcf47b0b2034f672dd5]
All References (1)
Quick Facts
Related CVEs (CWE-732)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-9651 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts