CVE-2026-9717 | CWE-78 Neutralization of Special Elements used in an OS Comm… | CVSS 8.6 HIGH

Description

CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

Metadata

CVE ID: CVE-2026-9717
State: PUBLISHED
Assigner: schneider
Reserved: 2026-05-27 16:02 UTC
Published: 2026-06-25 15:05 UTC
Last updated: 2026-06-25 15:50 UTC
Primary CWE: CWE-78
CWE-78 Improper neutralization of special elements used in a…
Vendor / Product: Schneider Electric / PowerLogic™ P7
Sources: cve.org · NVD

Severity & Metrics

8.6 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Schneider Electric	PowerLogic™ P7	—	Version V02.003.001.000 and prior

Weakness (CWE)

CWE	Source	Description
CWE-78	cna	CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.6	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (1)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-03.pdf