Schneider Electric PowerLogic P7

Risk Summary

Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation provided below may risk unauthorized execution of privileged commands or loss of HMI operability and configuration functionality, which could result in loss of control over system operations and disruption of critical services.

CVEs (3)

Remediations

• Version V02.004.001 of PowerLogicTM P7 includes a fix for this vulnerability and is available for download here: • Contact Schneider Electric’s Customer Care Center to download this firmware. • Reboot needed: Yes
• If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Restrict network access to P7 service endpoints (ports 8080 and 3702) • Monitor and alert on anomalous SOAP requests targeting wsApp • Limit administrative access and apply least privilege principles for all users interacting with P7.

Affected Vendors

Affected Products (2)

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy