VDB
CVE-2021-22764
CVE-2021-22764
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.
EPSS 0.25% · 48.4th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.25%
48.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | powerlogic_pm5562_firmware | 0 |
| schneider-electric | powerlogic_pm5561_firmware | 0 |
| schneider-electric | powerlogic_pm5560_firmware | 0 |
| schneider-electric | powerlogic_pm5563_firmware | 0 |
| n/a | PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version infromation) | PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version infromation) |
Exploit Intelligence
- CIRCL seen: CVE-2021-22764 (circl-sighting)
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03 (circl)
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf (circl)
Timeline
- Jun 9, 2021 CVE Published
- Jun 12, 2021 EPSS Score
- Aug 13, 2021 EPSS Score
- Oct 12, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 11, 2022 EPSS Score
- Mar 20, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 13, 2022 EPSS Score
- Aug 13, 2022 EPSS Score
- Oct 13, 2022 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf url
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-22764 advisory
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03 url