Vulnerability Description
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Powerlogic Pm5560 Firmware | < 2.7.8 |
| Schneider-Electric | Powerlogic Pm5560 | - |
| Schneider-Electric | Powerlogic Pm5561 Firmware | < 10.7.3 |
| Schneider-Electric | Powerlogic Pm5561 | - |
| Schneider-Electric | Powerlogic Pm5562 Firmware | <= 2.5.4 |
| Schneider-Electric | Powerlogic Pm5562 | - |
| Schneider-Electric | Powerlogic Pm5563 Firmware | < 2.7.8 |
| Schneider-Electric | Powerlogic Pm5563 | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDoc
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp:/
FAQ
What is CVE-2021-22764?
CVE-2021-22764 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could ...
How severe is CVE-2021-22764?
CVE-2021-22764 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22764?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Powerlogic Pm5560 Firmware, Schneider-Electric Powerlogic Pm5560, Schneider-Electric Powerlogic Pm5561 Firmware, Schneider-Electric Powerlogic Pm5561, Schneider-Electric Powerlogic Pm5562 Firmware.