Schneider-Electric Powerlogic Ion8650 Firmware vulnerabilities

CVE-2021-22713 [HIGH] CWE-119 CVE-2021-22713: A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exis A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot.

CVE-2021-22702 [HIGH] CWE-319 CVE-2021-22702: A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION740 A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and t

CVE-2021-22703 [HIGH] CWE-319 CVE-2021-22703: A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION740 A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.

CVE-2021-22701 [MEDIUM] CWE-352 CVE-2021-22701: A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/8 A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.