PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9718 Schneider Electric CVE debrief

CVE-2026-9718 is a medium-severity vulnerability in Schneider Electric's Powerogic P7 firmware. An authenticated attacker could trigger a denial-of-service (DoS) condition by sending a specially crafted request to a vulnerable network-exposed service, impacting system availability. This vulnerability, classified as CWE-617 (Reachable Assertion), was published on June 25, 2026, and has a CVSS score of 6.9. Schneider Electric has provided a vendor advisory with mitigation details. Users should review their inventory and apply necessary patches or compensating controls.

Vendor
Schneider Electric
Product
PowerLogicâ„¢ P7
CVSS
MEDIUM 6.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-25
Original CVE updated
2026-07-01
Advisory published
2026-06-25
Advisory updated
2026-07-01

Who should care

Organizations using Schneider Electric's Powerogic P7 firmware should assess their exposure to this vulnerability. System administrators and cybersecurity teams responsible for maintaining network-exposed services and ensuring system availability should prioritize reviewing their inventory and applying necessary patches or compensating controls.

Technical summary

CVE-2026-9718 is a Reachable Assertion vulnerability (CWE-617) in Schneider Electric's Powerogic P7 firmware. An authenticated attacker can trigger a denial-of-service (DoS) condition by sending a specially crafted request to a vulnerable network-exposed service. The vulnerability has a CVSS score of 6.9 and is considered medium-severity. The affected product is Powerogic P7 firmware versions prior to 02.004.001.000. Schneider Electric has provided a vendor advisory with mitigation details.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability, as it could allow an authenticated attacker to impact system availability.

Recommended defensive actions

  • Review inventory of Powerogic P7 devices and firmware versions
  • Apply patches or updates provided by Schneider Electric
  • Implement compensating controls, such as network segmentation or access controls
  • Monitor system logs for suspicious activity
  • Verify system availability and perform regular maintenance

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its severity, and potential impact. A vendor advisory is available with mitigation details. The CWE-617 classification indicates a reachable assertion vulnerability.

Official resources

This article is AI-assisted and based on the supplied source corpus.