CVE-2026-9718
Received Received - Intake
Reachable Assertion DoS in Network-Exposed Service

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Schneider Electric SE

Description
CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-9718
EUVD
EUVD-2026-39435
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
schneider_electric powerlogic_p7 to v02.004.001.000 (exc)
schneider_electric powerlogic_p7 v02.004.001.000
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9718 is a medium-severity vulnerability classified as CWE-617 (Reachable Assertion) that affects Schneider Electric's PowerLogicβ„’ P7 product versions V02.003.001.000 and earlier.

This vulnerability allows an authenticated attacker to send a specially crafted request to a network-exposed service, which triggers a denial-of-service condition by causing a reachable assertion failure.

Impact Analysis

The vulnerability can lead to a denial-of-service condition, resulting in loss of system availability.

This impact could disrupt critical services that rely on the affected PowerLogicβ„’ P7 product, potentially causing operational interruptions.

Detection Guidance

The vulnerability affects Schneider Electric's PowerLogicβ„’ P7 product versions V02.003.001.000 and prior, specifically on the network-exposed service running on TCP/IP port 8080.

Detection can involve checking for the presence of the vulnerable service on port 8080 and verifying the firmware version of the PowerLogicβ„’ P7 device.

  • Use network scanning tools like nmap to detect if port 8080 is open on your devices: nmap -p 8080 <target-ip>
  • Check the firmware version of the PowerLogicβ„’ P7 device via its administrative interface or command line to confirm if it is V02.003.001.000 or earlier.
Mitigation Strategies

To mitigate the vulnerability, apply the latest firmware update (Version V02.004.001.000) provided by Schneider Electric.

Alternatively, restrict network access to the PowerLogicβ„’ P7 service endpoints by limiting access to TCP/IP port 8080.

Limit administrative access to trusted users to reduce the risk of an authenticated attacker exploiting the vulnerability.

Compliance Impact

The vulnerability in Schneider Electric's PowerLogicβ„’ P7 product allows an authenticated attacker to cause a denial-of-service condition, impacting system availability. Since availability is a key component of many compliance standards such as GDPR and HIPAA, this vulnerability could potentially affect compliance by disrupting critical services and availability requirements.

Mitigation steps such as applying firmware updates or restricting network access are recommended to maintain system availability and help ensure compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9718. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart