CVE-2026-9717_CVE-2026-9717

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

AI Analysis

OS Command Injection vulnerability allowing unauthorized execution of commands with elevated privileges

Basic Information

ID CVE-2026-9717

Source schneider

Published Jun 25, 2026 at 15:05

Affected Product

Vendor Schneider Electric

Product PowerLogic™ P7

Version Version V02.003.001.000 and prior

Affected Versions Schneider Electric PowerLogic™ P7 Version V02.003.001.000 and prior

CWE Classification

CWE-78

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Schneider Electric

Product PowerLogic P7

Version V02.003.001.000 and prior

References

download.schneider-electric.com /files

{
    "lastseen": "",
    "description": "CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.",
    "published": "2026-06-25T15:05:36.423Z",
    "modified": "2026-06-25T15:05:36.423Z",
    "type": "cve",
    "title": "CVE-2026-9717",
    "source": "schneider",
    "references": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-03.pdf",
    "id": "CVE-2026-9717",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Schneider Electric PowerLogic\u2122 P7 Version V02.003.001.000 and prior",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PowerLogic\u2122 P7",
    "version": "Version V02.003.001.000 and prior",
    "vendor": "Schneider Electric",
    "ai_description": "OS Command Injection vulnerability allowing unauthorized execution of commands with elevated privileges",
    "ai_severity": "High",
    "ai_vendor": "Schneider Electric",
    "ai_product": "PowerLogic P7",
    "ai_version": "V02.003.001.000 and prior",
    "ai_score": 8.6
}