CVE-2026-6866 (CVSS 7.5) in Schneider Electric EcoStruxure Panel Server firmware 002.005.000 and earlier causes device credentials to silently revert to factory defaults under unspecified rare conditions, enabling unauthenticated access to OT-to-cloud gateways in critical infrastructure. Firmware 002.006.000 is the fix; affected models include PAS400, PAS600, PAS600V2, PAS800, and PAS800V2.