CVE-2021-22768

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.8%
top 26.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Powerlogic Egx100 Firmware
Timeline
PublishedJun 11
Latest updateMay 24

Description

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5powerlogic_egx100_(versions_3.0.0_and_newer)_and_powerlogic_egx300_(all_versions)PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)

🔴Vulnerability Details

2
GHSA
GHSA-r3vq-f4qg-mw78: ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 32022-05-24
CVEList
CVE-2021-22768: A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 32021-06-11
CVE-2021-22768 (CRITICAL CVSS 9.8) | A CWE-20: Improper Input Validation | cvebase.io