Powerlogic P7
Monthly
Denial-of-service in Schneider Electric PowerLogic P7 power monitoring devices allows an authenticated attacker to crash a network-exposed service by sending a specially crafted request that triggers a reachable assertion (CWE-617), fully disrupting availability. The CVSS 4.0 score of 6.9 reflects the high-privilege prerequisite (PR:H) that constrains exploitation to actors with administrative credentials, while the availability impact is rated high (VA:H) with no confidentiality or integrity consequences. No public exploit code and no active exploitation via CISA KEV have been identified at time of analysis.
Authenticated command injection in Schneider Electric PowerLogic P7 power metering devices allows a privileged user to execute arbitrary OS commands with elevated privileges over a network-exposed service, fully compromising device integrity, confidentiality, and availability. The flaw (CWE-78) stems from improper neutralization of special elements passed to an underlying OS command. No public exploit identified at time of analysis, and the device is not listed in CISA KEV; EPSS data was not provided.
Denial-of-service in Schneider Electric PowerLogic P7 power metering devices allows remote, unauthenticated attackers to crash the device's HMI and configuration functionality by sending malformed requests to exposed network interfaces. The flaw stems from a NULL pointer dereference (CWE-476) that renders local management and configuration unavailable until recovery. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the CVSS 4.0 base score of 8.7 reflects a high availability impact with no confidentiality or integrity exposure.
Denial-of-service in Schneider Electric PowerLogic P7 power monitoring devices allows an authenticated attacker to crash a network-exposed service by sending a specially crafted request that triggers a reachable assertion (CWE-617), fully disrupting availability. The CVSS 4.0 score of 6.9 reflects the high-privilege prerequisite (PR:H) that constrains exploitation to actors with administrative credentials, while the availability impact is rated high (VA:H) with no confidentiality or integrity consequences. No public exploit code and no active exploitation via CISA KEV have been identified at time of analysis.
Authenticated command injection in Schneider Electric PowerLogic P7 power metering devices allows a privileged user to execute arbitrary OS commands with elevated privileges over a network-exposed service, fully compromising device integrity, confidentiality, and availability. The flaw (CWE-78) stems from improper neutralization of special elements passed to an underlying OS command. No public exploit identified at time of analysis, and the device is not listed in CISA KEV; EPSS data was not provided.
Denial-of-service in Schneider Electric PowerLogic P7 power metering devices allows remote, unauthenticated attackers to crash the device's HMI and configuration functionality by sending malformed requests to exposed network interfaces. The flaw stems from a NULL pointer dereference (CWE-476) that renders local management and configuration unavailable until recovery. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the CVSS 4.0 base score of 8.7 reflects a high availability impact with no confidentiality or integrity exposure.