Vulnerability Description
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Powerlogic Ion7400 Firmware | < 3.0.0 |
| Schneider-Electric | Powerlogic Ion7400 | - |
| Schneider-Electric | Powerlogic Ion7410 | - |
| Schneider-Electric | Powerlogic Ion7650 Firmware | All versions |
| Schneider-Electric | Powerlogic Ion7650 | - |
| Schneider-Electric | Powerlogic Ion8600 Firmware | All versions |
| Schneider-Electric | Powerlogic Ion8600 | - |
| Schneider-Electric | Powerlogic Ion8650 Firmware | <= 4.31.2 |
| Schneider-Electric | Powerlogic Ion8650 | - |
| Schneider-Electric | Powerlogic Ion8800 Firmware | All versions |
| Schneider-Electric | Powerlogic Ion8800 | - |
| Schneider-Electric | Powerlogic Ion9000 Firmware | < 3.0.0 |
| Schneider-Electric | Powerlogic Ion9000 | - |
| Schneider-Electric | Powerlogic Pm8000 Firmware | < 3.0.0 |
| Schneider-Electric | Powerlogic Pm8000 | - |
| Schneider-Electric | Powerlogic Ion8300 Firmware | All versions |
| Schneider-Electric | Powerlogic Ion8300 | - |
| Schneider-Electric | Powerlogic Ion8400 Firmware | All versions |
| Schneider-Electric | Powerlogic Ion8400 | - |
| Schneider-Electric | Powerlogic Ion8500 Firmware | All versions |
Related Weaknesses (CWE)
References
- https://www.se.com/ww/en/download/document/SEVD-2021-040-01/MitigationVendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2021-040-01/MitigationVendor Advisory
FAQ
What is CVE-2021-22701?
CVE-2021-22701 is a vulnerability with a CVSS score of 4.5 (MEDIUM). A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that co...
How severe is CVE-2021-22701?
CVE-2021-22701 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22701?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Powerlogic Ion7400 Firmware, Schneider-Electric Powerlogic Ion7400, Schneider-Electric Powerlogic Ion7410, Schneider-Electric Powerlogic Ion7650 Firmware, Schneider-Electric Powerlogic Ion7650.