10
CVE-2021-22763
- EPSS 0.25%
- Veröffentlicht 11.06.2021 16:15:10
- Zuletzt bearbeitet 24.11.2024 15:15:04
- Quelle cybersecurity@se.com
- Teams Watchlist Login
- Unerledigt Login
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Powerlogic Pm5560 Firmware Version < 2.7.8
Schneider-electric ≫ Powerlogic Pm5561 Firmware Version < 10.7.3
Schneider-electric ≫ Powerlogic Pm5562 Firmware Version <= 2.5.4
Schneider-electric ≫ Powerlogic Pm5563 Firmware Version < 2.7.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.48 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.