CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Schneider Electric PowerLogic P7

criticalCVE-2026-9716CVE-2026-9717CVE-2026-9718
View CSAF Summary Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation provided below may risk unauthorized execution of privileged commands or loss of HMI operability and configuration functionality, which could result in loss of control over system operations and disruption of critical services. The following versions of Schneider Electric PowerLogic P7 are affected: PowerLogic™ P7 vers:intdot/<=0.2.003.001.000 PowerLogic™ P7 0.2.003.001.000 CVSS Vendor Equipment Vulnerabilities v3 7.5 Schneider Electric Schneider Electric PowerLogic P7 NULL Pointer Dereference, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Reachable Assertion Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-9716 CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces. View CVE Details Affected Products Schneider Electric PowerLogic P7 Vendor: Schneider Electric Product Version: PowerLogic™ P7 version 0.2.003.001.000 and prior Product Status: fixed, known_affected Remediations Vendor fix Version V02.004.001 of PowerLogicTM P7 includes a fix for this vulnerability and is available for download. Contact Schneider Electric’s Customer Care Center to download this firmware. Reboot needed: Yes Mitigation If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Restrict network access to P7 service endpoints (ports 8080 and 3702) • Monitor and al

CSIRTS triage

vendor: Schneider Electricproduct: PowerLogic P7Otheraffected: intdot/<=0.2.003.001.000
What
A vulnerability may allow unauthorized execution of privileged commands.
Who is affected
Users of Schneider Electric PowerLogic P7 versions up to and including 0.2.003.001.000.
Urgency
Critical urgency due to the risk of loss of control over system operations.
Action
Apply the provided remediation to the affected versions.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch PowerLogic P7

Get an email when a new PowerLogic P7 advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Cybersecurity Advisories (US · national-cert · site)
Severity
critical
Published
2026-06-25
Exploitation
Not in CISA KEV at last sync

Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-07

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-9716coverage & exploitation statusNVD · CVE.org
CVE-2026-9717coverage & exploitation statusNVD · CVE.org
CVE-2026-9718coverage & exploitation statusNVD · CVE.org

More from CISA Cybersecurity Advisories