5.3

CVE-2021-22764

EPSS 0.33%
Published 11.06.2021 16:15:10
Last modified 24.11.2024 15:15:04
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Powerlogic Pm5560 Firmware Version < 2.7.8

Schneider-electric ≫ Powerlogic Pm5560 Version-

Schneider-electric ≫ Powerlogic Pm5561 Firmware Version < 10.7.3

Schneider-electric ≫ Powerlogic Pm5561 Version-

Schneider-electric ≫ Powerlogic Pm5562 Firmware Version <= 2.5.4

Schneider-electric ≫ Powerlogic Pm5562 Version-

Schneider-electric ≫ Powerlogic Pm5563 Firmware Version < 2.7.8

Schneider-electric ≫ Powerlogic Pm5563 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.552

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03

https://nvd.nist.gov/vuln/detail/CVE-2021-22764

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22764

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22764

EUVD