CVE-2021-22764

MEDIUM

PowerLogic - Improper Authentication

Title source: llm
STIX 2.1

Description

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

Scores

CVSS v3 5.3
EPSS 0.0186
EPSS Percentile 76.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-287
Status published
Products (5)
None/PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version infromation) PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version i
schneider-electric/powerlogic_pm5560_firmware < 2.7.8
schneider-electric/powerlogic_pm5561_firmware < 10.7.3
schneider-electric/powerlogic_pm5562_firmware < 2.5.4
schneider-electric/powerlogic_pm5563_firmware < 2.7.8
Published Jun 11, 2021
Tracked Since Feb 18, 2026