Skip to main content

Powerlogic P7

3 CVEs product

Monthly

CVE-2026-9718 MEDIUM CISA This Month

Denial-of-service in Schneider Electric PowerLogic P7 power monitoring devices allows an authenticated attacker to crash a network-exposed service by sending a specially crafted request that triggers a reachable assertion (CWE-617), fully disrupting availability. The CVSS 4.0 score of 6.9 reflects the high-privilege prerequisite (PR:H) that constrains exploitation to actors with administrative credentials, while the availability impact is rated high (VA:H) with no confidentiality or integrity consequences. No public exploit code and no active exploitation via CISA KEV have been identified at time of analysis.

Denial Of Service Powerlogic P7
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-9717 HIGH CISA Act Now

Authenticated command injection in Schneider Electric PowerLogic P7 power metering devices allows a privileged user to execute arbitrary OS commands with elevated privileges over a network-exposed service, fully compromising device integrity, confidentiality, and availability. The flaw (CWE-78) stems from improper neutralization of special elements passed to an underlying OS command. No public exploit identified at time of analysis, and the device is not listed in CISA KEV; EPSS data was not provided.

Command Injection Powerlogic P7
NVD VulDB
CVSS 4.0
8.6
EPSS
1.0%
CVE-2026-9716 HIGH CISA Act Now

Denial-of-service in Schneider Electric PowerLogic P7 power metering devices allows remote, unauthenticated attackers to crash the device's HMI and configuration functionality by sending malformed requests to exposed network interfaces. The flaw stems from a NULL pointer dereference (CWE-476) that renders local management and configuration unavailable until recovery. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the CVSS 4.0 base score of 8.7 reflects a high availability impact with no confidentiality or integrity exposure.

Denial Of Service Null Pointer Dereference Powerlogic P7
NVD VulDB
CVSS 4.0
8.7
EPSS
0.3%
EPSS 0% CVSS 6.9
MEDIUM This Month

Denial-of-service in Schneider Electric PowerLogic P7 power monitoring devices allows an authenticated attacker to crash a network-exposed service by sending a specially crafted request that triggers a reachable assertion (CWE-617), fully disrupting availability. The CVSS 4.0 score of 6.9 reflects the high-privilege prerequisite (PR:H) that constrains exploitation to actors with administrative credentials, while the availability impact is rated high (VA:H) with no confidentiality or integrity consequences. No public exploit code and no active exploitation via CISA KEV have been identified at time of analysis.

Denial Of Service Powerlogic P7
NVD VulDB
EPSS 1% CVSS 8.6
HIGH Act Now

Authenticated command injection in Schneider Electric PowerLogic P7 power metering devices allows a privileged user to execute arbitrary OS commands with elevated privileges over a network-exposed service, fully compromising device integrity, confidentiality, and availability. The flaw (CWE-78) stems from improper neutralization of special elements passed to an underlying OS command. No public exploit identified at time of analysis, and the device is not listed in CISA KEV; EPSS data was not provided.

Command Injection Powerlogic P7
NVD VulDB
EPSS 0% CVSS 8.7
HIGH Act Now

Denial-of-service in Schneider Electric PowerLogic P7 power metering devices allows remote, unauthenticated attackers to crash the device's HMI and configuration functionality by sending malformed requests to exposed network interfaces. The flaw stems from a NULL pointer dereference (CWE-476) that renders local management and configuration unavailable until recovery. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the CVSS 4.0 base score of 8.7 reflects a high availability impact with no confidentiality or integrity exposure.

Denial Of Service Null Pointer Dereference Powerlogic P7
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy