Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable management service (AV:N) with low complexity (AC:L) but requiring an existing privileged account (PR:H); injected commands run with elevated privileges yielding full C/I/A impact.
Primary rating from Vendor (schneider).
CVSS VectorVendor: schneider
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.
AnalysisAI
Authenticated command injection in Schneider Electric PowerLogic P7 power metering devices allows a privileged user to execute arbitrary OS commands with elevated privileges over a network-exposed service, fully compromising device integrity, confidentiality, and availability. The flaw (CWE-78) stems from improper neutralization of special elements passed to an underlying OS command. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already hold a privileged authenticated account on the PowerLogic P7 device (CVSS PR:H) and network reachability to the vulnerable management service (AV:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H, score 8.6 High) indicates a network-reachable, low-complexity attack with no user interaction but requiring high privileges (PR:H) - i.e., the attacker must already hold privileged authenticated access to the device's management service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained privileged credentials for a PowerLogic P7 device - through credential reuse, phishing of an engineer, or a compromised engineering workstation - connects to the network-exposed management service and submits a crafted parameter containing shell metacharacters. The injected OS command executes with elevated privileges, letting the attacker alter metering data, disable the device, or pivot within the OT network. … |
| Remediation | Apply the firmware fix specified in Schneider Electric advisory SEVD-2026-160-03 (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-03.pdf); the exact patched firmware version is not included in the provided data and must be taken from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 HOURS: Audit network exposure of all Schneider Electric PowerLogic P7 devices; identify which systems are accessible from untrusted or external networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Powerlogic P7
View allDenial-of-service in Schneider Electric PowerLogic P7 power metering devices allows remote, unauthenticated attackers to
Denial-of-service in Schneider Electric PowerLogic P7 power monitoring devices allows an authenticated attacker to crash
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39434
GHSA-47f2-rprg-7x63