CVE-2021-22764

CWE-287 — Improper Authentication3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 51.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Powerlogic Pm5560 Firmware Schneider-electric Powerlogic Pm5561 Firmware Schneider-electric Powerlogic Pm5563 Firmware +1 more

Timeline

PublishedJun 11

Latest updateMay 24

Description

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDschneider-electric/powerlogic_pm5560_firmware< 2.7.8

▶NVDschneider-electric/powerlogic_pm5561_firmware< 10.7.3

▶NVDschneider-electric/powerlogic_pm5563_firmware< 2.7.8

▶NVDschneider-electric/powerlogic_pm5562_firmware2.5.4

🔴Vulnerability Details

GHSA

GHSA-57rv-qg24-x8hj: A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security↗2022-05-24

▶

CVEList

CVE-2021-22764: A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security↗2021-06-11

▶