Vulnerability Description
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Powerlogic Pm5560 Firmware | < 2.7.8 |
| Schneider-Electric | Powerlogic Pm5560 | - |
| Schneider-Electric | Powerlogic Pm5561 Firmware | < 10.7.3 |
| Schneider-Electric | Powerlogic Pm5561 | - |
| Schneider-Electric | Powerlogic Pm5562 Firmware | <= 2.5.4 |
| Schneider-Electric | Powerlogic Pm5562 | - |
| Schneider-Electric | Powerlogic Pm5563 Firmware | < 2.7.8 |
| Schneider-Electric | Powerlogic Pm5563 | - |
| Schneider-Electric | Powerlogic Pm8Ecc Firmware | All versions |
| Schneider-Electric | Powerlogic Pm8Ecc | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDoc
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp:/
FAQ
What is CVE-2021-22763?
CVE-2021-22763 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for ...
How severe is CVE-2021-22763?
CVE-2021-22763 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-22763?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Powerlogic Pm5560 Firmware, Schneider-Electric Powerlogic Pm5560, Schneider-Electric Powerlogic Pm5561 Firmware, Schneider-Electric Powerlogic Pm5561, Schneider-Electric Powerlogic Pm5562 Firmware.