CVE-2026-9718
Analyzed Analyzed - Analysis Complete

Reachable Assertion DoS in Network-Exposed Service

Vulnerability report for CVE-2026-9718, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-01

Assigner: Schneider Electric SE

Description

CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-01
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
schneider-electric powerlogic_p7_firmware to 02.004.001.000 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in Schneider Electric's PowerLogicβ„’ P7 product allows an authenticated attacker to cause a denial-of-service condition, impacting system availability. Since availability is a key component of many compliance standards such as GDPR and HIPAA, this vulnerability could potentially affect compliance by disrupting critical services and availability requirements.

Mitigation steps such as applying firmware updates or restricting network access are recommended to maintain system availability and help ensure compliance with these standards.

Executive Summary

CVE-2026-9718 is a medium-severity vulnerability classified as CWE-617 (Reachable Assertion) that affects Schneider Electric's PowerLogicβ„’ P7 product versions V02.003.001.000 and earlier.

This vulnerability allows an authenticated attacker to send a specially crafted request to a network-exposed service, which triggers a denial-of-service condition by causing a reachable assertion failure.

Impact Analysis

The vulnerability can lead to a denial-of-service condition, resulting in loss of system availability.

This impact could disrupt critical services that rely on the affected PowerLogicβ„’ P7 product, potentially causing operational interruptions.

Detection Guidance

The vulnerability affects Schneider Electric's PowerLogicβ„’ P7 product versions V02.003.001.000 and prior, specifically on the network-exposed service running on TCP/IP port 8080.

Detection can involve checking for the presence of the vulnerable service on port 8080 and verifying the firmware version of the PowerLogicβ„’ P7 device.

  • Use network scanning tools like nmap to detect if port 8080 is open on your devices: nmap -p 8080 <target-ip>
  • Check the firmware version of the PowerLogicβ„’ P7 device via its administrative interface or command line to confirm if it is V02.003.001.000 or earlier.
Mitigation Strategies

To mitigate the vulnerability, apply the latest firmware update (Version V02.004.001.000) provided by Schneider Electric.

Alternatively, restrict network access to the PowerLogicβ„’ P7 service endpoints by limiting access to TCP/IP port 8080.

Limit administrative access to trusted users to reduce the risk of an authenticated attacker exploiting the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9718. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart