CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-9717

criticalcovered by 1 sourcefirst seen 2026-06-25
View CSAF Summary Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation provided below may risk unauthorized execution of privileged commands or loss of HMI operability and configuration functionality, which could result in loss of control over system operations and disruption of critical services. The following versions of Schneider Electric PowerLogic P7 are affected: PowerLogic™ P7 vers:intdot/<=0.2.003.001.000 PowerLogic™ P7 0.2.003.001.000 CVSS Vendor Equipment Vulnerabilities v3 7.5 Schneider Electric Schneider Electric PowerLogic P7 NULL Pointer Dereference, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Reachable Assertion Background Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-9716 CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces. View CVE Details Affected Products Schneider Electric PowerLogic P7 Vendor: Schneider Electric Product Version: PowerLogic™ P7 version 0.2.003.001.000 and prior Product Status: fixed, known_affected Remediations Vendor fix Version V02.004.001 of PowerLogicTM P7 includes a fix for this vulnerability and is available for download. Contact Schneider Electric’s Customer Care Center to download this firmware. Reboot needed: Yes Mitigation If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Restrict network access to P7 service endpoints (ports 8080 and 3702) • Monitor and al

CSIRTS triage

vendor: Schneider Electricproduct: PowerLogic P7Otheraffected: intdot/<=0.2.003.001.000
What
A vulnerability may allow unauthorized execution of privileged commands.
Who is affected
Users of Schneider Electric PowerLogic P7 versions up to and including 0.2.003.001.000.
Urgency
Critical urgency due to the risk of loss of control over system operations.
Action
Apply the provided remediation to the affected versions.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-9717

Get an email if CVE-2026-9717 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-9717

CVE.org record

Embed the live status

CVE-2026-9717 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-9717 status](https://www.csirts.com/badge/CVE-2026-9717)](https://www.csirts.com/cve/CVE-2026-9717)