CVE-2021-22763

CWE-6403 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 49.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Powerlogic Pm5560 Firmware Schneider-electric Powerlogic Pm5561 Firmware Schneider-electric Powerlogic Pm5563 Firmware +1 more

Timeline

PublishedJun 11

Latest updateMay 24

Description

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDschneider-electric/powerlogic_pm5560_firmware< 2.7.8

▶NVDschneider-electric/powerlogic_pm5561_firmware< 10.7.3

▶NVDschneider-electric/powerlogic_pm5563_firmware< 2.7.8

▶NVDschneider-electric/powerlogic_pm5562_firmware2.5.4

🔴Vulnerability Details

GHSA

GHSA-xj35-rhxx-w86c: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and↗2022-05-24

▶

CVEList

CVE-2021-22763: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and↗2021-06-11

▶