CVE-2021-22703
published 2021-02-19CVE-2021-22703: A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | powerlogic_ion7400_firmware | < 3.0.0 | 3.0.0 |
| schneider-electric | powerlogic_ion8650_firmware | <= 4.31.2 | — |
| schneider-electric | powerlogic_ion9000_firmware | < 3.0.0 | 3.0.0 |
| schneider-electric | powerlogic_pm8000_firmware | < 3.0.0 | 3.0.0 |