CVE-2026-9716
View CSAF Summary Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation provided below may risk unauthorized execution of privileged commands or loss of HMI operability and configuration functionality, which could result in loss of control over system operations and disruption of critical services. The following versions of Schneider Electric PowerLogic P7 are affected: PowerLogic™ P7 vers:intdot/<=0.2.003.001.000 PowerLogic™ P7 0.2.003.001.000 CVSS Vendor Equipment Vulnerabilities v3 7.5 Schneider Electric Schneider Electric PowerLogic P7 NULL Pointer Dereference, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Reachable Assertion Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-9716 CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces. View CVE Details Affected Products Schneider Electric PowerLogic P7 Vendor: Schneider Electric Product Version: PowerLogic™ P7 version 0.2.003.001.000 and prior Product Status: fixed, known_affected Remediations Vendor fix Version V02.004.001 of PowerLogicTM P7 includes a fix for this vulnerability and is available for download. Contact Schneider Electric’s Customer Care Center to download this firmware. Reboot needed: Yes Mitigation If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Restrict network access to P7 service endpoints (ports 8080 and 3702) • Monitor and al
CSIRTS triage
- What
- A vulnerability may allow unauthorized execution of privileged commands.
- Who is affected
- Users of Schneider Electric PowerLogic P7 versions up to and including 0.2.003.001.000.
- Urgency
- Critical urgency due to the risk of loss of control over system operations.
- Action
- Apply the provided remediation to the affected versions.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-9716
Get an email if CVE-2026-9716 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 18% of all EPSS-scored CVEs.
Advisory coverage (1)
- criticalSchneider Electric PowerLogic P7cisa · 2026-06-25
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-9716)