Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22764

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

Published

2021-06-11T16:15:10.390

Last Modified

2024-11-24T15:15:04.637

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-287
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System schneider-electric powerlogic_pm5560_firmware < 2.7.8 Yes
Hardware schneider-electric powerlogic_pm5560 - No
Operating System schneider-electric powerlogic_pm5561_firmware < 10.7.3 Yes
Hardware schneider-electric powerlogic_pm5561 - No
Operating System schneider-electric powerlogic_pm5562_firmware ≤ 2.5.4 Yes
Hardware schneider-electric powerlogic_pm5562 - No
Operating System schneider-electric powerlogic_pm5563_firmware < 2.7.8 Yes
Hardware schneider-electric powerlogic_pm5563 - No
References