Lucene search

[email protected]NVD:CVE-2021-22763

HistoryJun 11, 2021 - 4:15 p.m.

CVE-2021-22763

2021-06-1116:15:10

CWE-640

[email protected]

web.nvd.nist.gov

cwe-640

powerlogic

weak password recovery

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.7%

JSON

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

Affected configurations

Nvd

Node

schneider-electricpowerlogic_pm5560_firmwareRange<2.7.8

AND

schneider-electricpowerlogic_pm5560Match-

Node

schneider-electricpowerlogic_pm5561_firmwareRange<10.7.3

AND

schneider-electricpowerlogic_pm5561Match-

Node

schneider-electricpowerlogic_pm5562_firmwareRange≤2.5.4

AND

schneider-electricpowerlogic_pm5562Match-

Node

schneider-electricpowerlogic_pm5563_firmwareRange<2.7.8

AND

schneider-electricpowerlogic_pm5563Match-

Node

schneider-electricpowerlogic_pm8ecc_firmware

AND

schneider-electricpowerlogic_pm8eccMatch-

VendorProductVersionCPE
schneider-electricpowerlogic_pm5560_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5560-cpe:2.3:h:schneider-electric:powerlogic_pm5560:-:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5561_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm5561_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5561-cpe:2.3:h:schneider-electric:powerlogic_pm5561:-:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5562_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm5562_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5562-cpe:2.3:h:schneider-electric:powerlogic_pm5562:-:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5563_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm5563_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm5563-cpe:2.3:h:schneider-electric:powerlogic_pm5563:-:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm8ecc_firmware*cpe:2.3:o:schneider-electric:powerlogic_pm8ecc_firmware:*:*:*:*:*:*:*:*
schneider-electricpowerlogic_pm8ecc-cpe:2.3:h:schneider-electric:powerlogic_pm8ecc:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	powerlogic_pm5560_firmware	*	cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware::::::::
schneider-electric	powerlogic_pm5560	-	cpe:2.3:h:schneider-electric:powerlogic_pm5560:-:::::::*
schneider-electric	powerlogic_pm5561_firmware	*	cpe:2.3:o:schneider-electric:powerlogic_pm5561_firmware::::::::
schneider-electric	powerlogic_pm5561	-	cpe:2.3:h:schneider-electric:powerlogic_pm5561:-:::::::*
schneider-electric	powerlogic_pm5562_firmware	*	cpe:2.3:o:schneider-electric:powerlogic_pm5562_firmware::::::::
schneider-electric	powerlogic_pm5562	-	cpe:2.3:h:schneider-electric:powerlogic_pm5562:-:::::::*
schneider-electric	powerlogic_pm5563_firmware	*	cpe:2.3:o:schneider-electric:powerlogic_pm5563_firmware::::::::
schneider-electric	powerlogic_pm5563	-	cpe:2.3:h:schneider-electric:powerlogic_pm5563:-:::::::*
schneider-electric	powerlogic_pm8ecc_firmware	*	cpe:2.3:o:schneider-electric:powerlogic_pm8ecc_firmware::::::::
schneider-electric	powerlogic_pm8ecc	-	cpe:2.3:h:schneider-electric:powerlogic_pm8ecc:-:::::::*

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.7%

JSON

Related for NVD:CVE-2021-22763

prion1 cve1 nessus1 cvelist1