Lucene search

K
cveSchneiderCVE-2021-22763
HistoryJun 11, 2021 - 4:15 p.m.

CVE-2021-22763

2021-06-1116:15:10
CWE-640
schneider
web.nvd.nist.gov
29
4
cve-2021-22763
cwe-640
weak password recovery
powerlogic pm55xx
powerlogic pm8ecc
powerlogic egx100
powerlogic egx300
security vulnerability

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

47.7%

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

Affected configurations

Nvd
Node
schneider-electricpowerlogic_pm5560_firmwareRange<2.7.8
AND
schneider-electricpowerlogic_pm5560Match-
Node
schneider-electricpowerlogic_pm5561_firmwareRange<10.7.3
AND
schneider-electricpowerlogic_pm5561Match-
Node
schneider-electricpowerlogic_pm5562_firmwareRange2.5.4
AND
schneider-electricpowerlogic_pm5562Match-
Node
schneider-electricpowerlogic_pm5563_firmwareRange<2.7.8
AND
schneider-electricpowerlogic_pm5563Match-
Node
schneider-electricpowerlogic_pm8ecc_firmware
AND
schneider-electricpowerlogic_pm8eccMatch-
VendorProductVersionCPE
schneider-electricpowerlogic_pm5560_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5560-cpe:2.3:h:schneider-electric:powerlogic_pm5560:-:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5561_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm5561_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5561-cpe:2.3:h:schneider-electric:powerlogic_pm5561:-:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5562_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm5562_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5562-cpe:2.3:h:schneider-electric:powerlogic_pm5562:-:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5563_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm5563_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5563-cpe:2.3:h:schneider-electric:powerlogic_pm5563:-:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm8ecc_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm8ecc_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm8ecc-cpe:2.3:h:schneider-electric:powerlogic_pm8ecc:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) ",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation)"
      }
    ]
  }
]

Social References

More

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

47.7%

Related for CVE-2021-22763