Description
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.
Published: 2026-06-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a NULL Pointer Dereference (CWE‑476). When a malformed request is sent over the device’s exposed network interfaces, the system attempts to dereference a null pointer, which causes a denial‑of‑service condition that shuts down the HMI and configuration functionality. The impact is a loss of availability for the device’s management interface, potentially disrupting industrial automation operations.

Affected Systems

Schneider Electric’s PowerLogic™ P7 products are affected. The CVE references a security notice for SEVD‑2026‑160‑03. No specific version range is listed in the CNA data, so all current or previous versions of the PowerLogic™ P7 platform are potentially vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, with a high likelihood of severe impact on availability. The EPSS score is not available, so the exploitation probability is unknown, but the absence of a KEV listing suggests no known large‑scale exploitation yet. The likely attack vector is network based; an attacker would need to send specially crafted requests to the exposed interfaces to trigger the null dereference.

Generated by OpenCVE AI on June 25, 2026 at 16:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest firmware or software update from Schneider Electric, following the guidance in the cited security notice.
  • Restrict network access to the PowerLogic P7 device by enabling firewall rules or VLAN segmentation to limit exposure of the HMI interfaces.
  • Configure the device to reject malformed input or enable any built‑in input validation settings if available as a temporary workaround.

Generated by OpenCVE AI on June 25, 2026 at 16:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Title NULL Pointer Dereference Causing Denial of Service in Schneider Electric PowerLogic™ P7

Thu, 25 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.
Weaknesses CWE-476
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2026-06-25T15:49:59.528Z

Reserved: 2026-05-27T16:02:10.007Z

Link: CVE-2026-9716

cve-icon Vulnrichment

Updated: 2026-06-25T15:49:56.687Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T16:45:03Z

Weaknesses