A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.
2021-06-11T16:15:10.320
2024-11-24T15:15:04.450
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | schneider-electric | powerlogic_pm5560_firmware | < 2.7.8 | Yes |
| Hardware | schneider-electric | powerlogic_pm5560 | - | No |
| Operating System | schneider-electric | powerlogic_pm5561_firmware | < 10.7.3 | Yes |
| Hardware | schneider-electric | powerlogic_pm5561 | - | No |
| Operating System | schneider-electric | powerlogic_pm5562_firmware | ≤ 2.5.4 | Yes |
| Hardware | schneider-electric | powerlogic_pm5562 | - | No |
| Operating System | schneider-electric | powerlogic_pm5563_firmware | < 2.7.8 | Yes |
| Hardware | schneider-electric | powerlogic_pm5563 | - | No |
| Operating System | schneider-electric | powerlogic_pm8ecc_firmware | * | Yes |
| Hardware | schneider-electric | powerlogic_pm8ecc | - | No |