CVE-2026-6332 MEDIUM

CVE-2026-6332: Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

Vendor Schneider Electric
Product Ecostruxure™ Machine Expert HVAC
Weakness CWE-312 · Cleartext storage
Published May 14, 2026
Last update May 14, 2026

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it.

Key dates

02Disclosure timeline

May 14, 2026 CVE published
May 14, 2026 Record updated