CVE-2026-9717

HIGH

Schneider Electric PowerLogic™ P7 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Title source: rule
STIX 2.1

Description

CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

Scores

CVSS v3 7.2
EPSS 0.0119
EPSS Percentile 64.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
Schneider Electric/PowerLogic™ P7 Version V02.003.001.000 and prior
schneider-electric/powerlogic_p7_firmware < 02.004.001.000
Published Jun 25, 2026
Tracked Since Jun 25, 2026