CVE-2021-22768 — CRITICAL (9.8)

Vulnerability Description

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Powerlogic Egx100 Firmware	>= 3.0.0
Schneider-Electric	Powerlogic Egx100	-
Schneider-Electric	Powerlogic Egx300 Firmware	All versions
Schneider-Electric	Powerlogic Egx300	-

Related Weaknesses (CWE)

CWE-20

References

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03Vendor Advisory
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03Vendor Advisory

FAQ

What is CVE-2021-22768?

CVE-2021-22768 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executio...

How severe is CVE-2021-22768?

CVE-2021-22768 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-22768?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Powerlogic Egx100 Firmware, Schneider-Electric Powerlogic Egx100, Schneider-Electric Powerlogic Egx300 Firmware, Schneider-Electric Powerlogic Egx300.