5.3
CVE-2021-22764
- EPSS 0.33%
- Veröffentlicht 11.06.2021 16:15:10
- Zuletzt bearbeitet 24.11.2024 15:15:04
- Quelle cybersecurity@se.com
- Teams Watchlist Login
- Unerledigt Login
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Powerlogic Pm5560 Firmware Version < 2.7.8
Schneider-electric ≫ Powerlogic Pm5561 Firmware Version < 10.7.3
Schneider-electric ≫ Powerlogic Pm5562 Firmware Version <= 2.5.4
Schneider-electric ≫ Powerlogic Pm5563 Firmware Version < 2.7.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.552 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.