PatchSiren cyber security CVE debrief
CVE-2026-9718 Schneider Electric CVE debrief
CVE-2026-9718 is a medium-severity vulnerability in Schneider Electric's Powerogic P7 firmware. An authenticated attacker could trigger a denial-of-service (DoS) condition by sending a specially crafted request to a vulnerable network-exposed service, impacting system availability. This vulnerability, classified as CWE-617 (Reachable Assertion), was published on June 25, 2026, and has a CVSS score of 6.9. Schneider Electric has provided a vendor advisory with mitigation details. Users should review their inventory and apply necessary patches or compensating controls.
- Vendor
- Schneider Electric
- Product
- PowerLogicâ„¢ P7
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-25
- Original CVE updated
- 2026-07-01
- Advisory published
- 2026-06-25
- Advisory updated
- 2026-07-01
Who should care
Organizations using Schneider Electric's Powerogic P7 firmware should assess their exposure to this vulnerability. System administrators and cybersecurity teams responsible for maintaining network-exposed services and ensuring system availability should prioritize reviewing their inventory and applying necessary patches or compensating controls.
Technical summary
CVE-2026-9718 is a Reachable Assertion vulnerability (CWE-617) in Schneider Electric's Powerogic P7 firmware. An authenticated attacker can trigger a denial-of-service (DoS) condition by sending a specially crafted request to a vulnerable network-exposed service. The vulnerability has a CVSS score of 6.9 and is considered medium-severity. The affected product is Powerogic P7 firmware versions prior to 02.004.001.000. Schneider Electric has provided a vendor advisory with mitigation details.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability, as it could allow an authenticated attacker to impact system availability.
Recommended defensive actions
- Review inventory of Powerogic P7 devices and firmware versions
- Apply patches or updates provided by Schneider Electric
- Implement compensating controls, such as network segmentation or access controls
- Monitor system logs for suspicious activity
- Verify system availability and perform regular maintenance
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, its severity, and potential impact. A vendor advisory is available with mitigation details. The CWE-617 classification indicates a reachable assertion vulnerability.
Official resources
-
CVE-2026-9718 CVE record
CVE.org
-
CVE-2026-9718 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory, Mitigation
This article is AI-assisted and based on the supplied source corpus.