CVE-2021-22767

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.8%

top 26.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Powerlogic Egx100 Firmware

Timeline

PublishedJun 11

Latest updateMay 24

Description

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5powerlogic_egx100_(versions_3.0.0_and_newer)_and_powerlogic_egx300_(all_versions)PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)

▶NVDschneider-electric/powerlogic_egx100_firmware

🔴Vulnerability Details

GHSA

GHSA-88cq-9hm3-v7ff: ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3↗2022-05-24

▶

CVEList

CVE-2021-22767: A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3↗2021-06-11

▶