Description
CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service.
Published: 2026-06-25
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A reachable assertion flaw allows an attacker with valid credentials to send a specially crafted request to a network‑exposed service, causing the system to halt or become unresponsive. The primary consequence is a loss of availability for the affected device, potentially disrupting industrial control operations. The weakness is identified as CWE‑617, indicating that the software does not properly guard against an assertion being triggered under unexpected conditions.

Affected Systems

Schneider Electric PowerLogic™ P7 devices are affected. No specific firmware or software version numbers are provided in the advisory, so all installations of the product should be considered at risk until a patch is released.

Risk and Exploitability

The CVSS score of 6.9 classifies the issue as medium severity. EPSS data is unavailable, so the precise likelihood of exploitation cannot be quantified. Because exploitation requires authentication, a threat actor would need legitimate credentials to reach the assertion and trigger a denial‑of‑service. The vulnerability is not listed in CISA’s KEV catalog, suggesting that there is no confirmed exploitation at this time. Attackers would likely need to authenticate to the exposed service, then send the malicious request to cause the crash.

Generated by OpenCVE AI on June 25, 2026 at 16:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s approved patch or firmware update as soon as it becomes available.
  • Restrict network access to the exposed service to trusted hosts or subnets and enforce role‑based authentication.
  • Limit the privileges of legitimate users so that only necessary operations can reach the vulnerable service.
  • Monitor logs for abnormal request patterns and respond to any indications of attempted exploitation.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 17:15:00 +0000

Type | Values Removed | Values Added
Title | | Reachable Assertion Causing Authenticated DoS in PowerLogic P7

Thu, 25 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service.
Weaknesses | | CWE-617
References | |
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2026-06-25T15:51:23.849Z

Reserved: 2026-05-27T16:02:13.186Z

Link: CVE-2026-9718

Vulnrichment

Updated: 2026-06-25T15:50:46.215Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T17:00:11Z

Weaknesses