Schneider Electric PowerLogic P7

Plan PatchCVSS 7.5ICS-CERT ICSA-26-176-07Jun 9, 2026

Schneider ElectricEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric PowerLogic P7 is vulnerable to unauthorized execution of privileged commands through its web service endpoints. The vulnerability affects versions 0.2.003.001.000 and earlier. Exploitation could result in loss of control over electrical network operations, disruption of the HMI interface, and loss of configuration functionality.

What this means

What could happen

An attacker with network access to the P7 device could execute privileged commands or disrupt the HMI interface, potentially causing loss of control over electrical network operations and service disruptions.

Who's at risk

Energy utilities and manufacturing facilities using Schneider Electric PowerLogic P7 protection and control platforms for electrical network management. This includes power distribution operators, substation managers, and anyone responsible for electrical grid control and monitoring systems.

How it could be exploited

An attacker on the network sends a malicious request to the P7's web service endpoints (ports 8080 or 3702), targeting the wsApp SOAP interface. The vulnerability allows command execution without authentication, giving the attacker ability to run privileged operations that control electrical network functions.

Prerequisites

Network access to P7 ports 8080 or 3702
Ability to craft and send HTTP/SOAP requests to the vulnerable wsApp endpoint
No valid credentials required

remotely exploitableno authentication requiredlow complexityaffects critical electrical control systemscan disrupt HMI and configuration functions

Exploitability

Unlikely to be exploited — EPSS score 1.0%

Affected products (1)

ProductAffected VersionsFix Status

PowerLogic™ P7≤ 0.2.003.001.0000.2.003.001.000

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to P7 service endpoints (ports 8080 and 3702) using firewall rules, allowing only authorized management networks

HARDENINGEnable monitoring and alerting on anomalous SOAP requests targeting the wsApp service

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PowerLogic P7 firmware to version V02.004.001 or later

Long-term hardening

0/1

HARDENINGImplement least privilege access controls for all users and administrative accounts interacting with P7

CVEs (3)

CVE-2026-9716 CVE-2026-9717 CVE-2026-9718

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b8dadfab-c58a-462b-9613-631f8f48d579

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.