Description
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.
References (2)
Core 2
Core References
Scores
CVSS v3
5.3
EPSS
0.0186
EPSS Percentile
76.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (5)
None/PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version infromation)
PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version i
schneider-electric/powerlogic_pm5560_firmware
< 2.7.8
schneider-electric/powerlogic_pm5561_firmware
< 10.7.3
schneider-electric/powerlogic_pm5562_firmware
< 2.5.4
schneider-electric/powerlogic_pm5563_firmware
< 2.7.8
Published
Jun 11, 2021
Tracked Since
Feb 18, 2026