CISA has issued an Industrial Control Systems (ICS) advisory covering three vulnerabilities in Schneider Electric’s PowerLogic P7, a protection and control platform used in complex electrical network applications. All three flaws affect PowerLogic P7 firmware version 0.2.003.001.000 and prior, and the device is deployed worldwide across commercial facilities, critical manufacturing, and energy sectors.
Vulnerability Breakdown
- CVE-2026-9716 (CWE-476, CVSS 7.5 HIGH): A NULL Pointer Dereference vulnerability that can be triggered by malformed requests sent over exposed network interfaces. Successful exploitation causes a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable. No authentication is required, and the attack can be carried out remotely with low complexity.
- CVE-2026-9717 (CWE-78, CVSS 7.2 HIGH): An OS Command Injection flaw in a network-exposed service. A privileged authenticated user can exploit this vulnerability to execute arbitrary commands with elevated privileges, affecting system integrity, confidentiality, and availability.
- CVE-2026-9718 (CWE-617, CVSS 4.9 MEDIUM): A Reachable Assertion vulnerability that allows an authenticated attacker to trigger a denial-of-service condition by sending a specially crafted request to a vulnerable network-exposed service.
Affected Products and Fix
All three vulnerabilities affect PowerLogic P7 running firmware version 0.2.003.001.000 and earlier. Schneider Electric has released firmware version V02.004.001 as a fix for all three issues. Customers must contact Schneider Electric’s Customer Care Center to obtain the updated firmware. A device reboot is required after applying the update.
Mitigations for Unpatched Systems
Organizations that cannot immediately apply the firmware update should implement the following interim mitigations:
- Restrict network access to P7 service endpoints on ports 8080 and 3702.
- Monitor and alert on anomalous SOAP requests targeting the wsApp service.
- Limit administrative access and enforce least-privilege principles for all users interacting with the P7 platform.
- Isolate ICS networks from business networks using firewalls and physical access controls.
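
One way to verify the first mitigation, as an added example that is not from the advisory or from Schneider Electric: the Python below audits flow records for connections that reach P7 devices on ports 8080 and 3702 from outside an allowlisted management subnet. The record format, device addresses and management subnet are constructed assumptions.

```python
import csv
import ipaddress
from collections import Counter

P7_PORTS = {8080, 3702}  # service ports named in the advisory's mitigation list

# Constructed sample flow records: time,src,dst,dport,proto (format is an assumption)
SAMPLE_FLOWS = """\
2026-01-10T08:00:01Z,10.20.0.15,10.50.1.10,8080,tcp
2026-01-10T08:00:05Z,192.168.7.44,10.50.1.10,8080,tcp
2026-01-10T08:00:09Z,192.168.7.44,10.50.1.10,3702,udp
2026-01-10T08:01:12Z,192.168.7.44,10.50.1.11,443,tcp
2026-01-10T08:02:30Z,172.16.3.9,10.50.1.11,3702,udp
this line is malformed
2026-01-10T08:03:00Z,10.20.0.16,10.50.1.11,3702,udp
"""


def audit_flows(text, p7_hosts, mgmt_nets):
    """Return (violations, skipped): flows reaching P7 service ports from
    sources outside the allowlisted management networks, plus unparsable rows."""
    hosts = {ipaddress.ip_address(h) for h in p7_hosts}
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    violations, skipped = [], 0
    for row in csv.reader(text.splitlines()):
        try:
            ts, src, dst, dport, proto = row
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            skipped += 1  # count, rather than silently drop, rows we cannot parse
            continue
        if dst_ip in hosts and port in P7_PORTS:
            if not any(src_ip in n for n in nets):
                violations.append((ts, src, dst, port, proto))
    return violations, skipped


def sources_by_count(violations):
    """Rank offending sources so the noisiest are reviewed first."""
    return Counter(v[1] for v in violations).most_common()


if __name__ == "__main__":
    found, bad = audit_flows(SAMPLE_FLOWS, ["10.50.1.10", "10.50.1.11"], ["10.20.0.0/24"])
    for v in found:
        print("ALERT", *v)
    print("unparsed rows:", bad, "| sources:", sources_by_count(found))
```

Any hit means the access restriction is not yet effective for that path; a non-zero unparsed count means the log source itself needs checking before the result is trusted.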
The vulnerabilities were reported to Schneider Electric by Cytrics, and subsequently reported to CISA by Schneider Electric CPCERT. Given the critical infrastructure sectors in which the PowerLogic P7 is deployed, operators should treat patching as a priority.
