CVE-2021-22702
First published: Fri Feb 19 2021(Updated: )
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Powerlogic Ion7400 Firmware | <3.0.0 | |
| Schneider-electric Powerlogic Ion7400 Firmware | ||
| Schneider-electric Ion7650 Firmware | ||
| Schneider-electric Powerlogic Ion7650 Firmware | ||
| Schneider-electric Powerlogic Ion7700 Firmware | ||
| Schneider Electric PowerLogic ION7700 | ||
| Schneider-electric Powerlogic Ion7300 Firmware | ||
| Schneider-electric Powerlogic Ion7300 Firmware | ||
| Schneider-electric Powerlogic Ion8600 Firmware | ||
| Schneider-electric Powerlogic Ion8600 Firmware | ||
| Schneider-electric Ion8650 Firmware | <=4.31.2 | |
| Schneider-electric Powerlogic Ion8650 Firmware | ||
| Schneider-electric Powerlogic Ion8800 Firmware | ||
| Schneider-electric Powerlogic Ion8800 Firmware | ||
| Schneider-electric Powerlogic Ion9000 Firmware | <3.0.0 | |
| Schneider-electric Powerlogic Ion9000 Firmware | ||
| Schneider-electric Powerlogic Pm8000 Firmware | <3.0.0 | |
| Schneider-electric Powerlogic Pm8000 Firmware | ||
| Schneider-electric Powerlogic Ion8300 Firmware | ||
| Schneider-electric Powerlogic Ion8300 Firmware | ||
| Schneider-electric Powerlogic Ion8400 Firmware | ||
| Schneider-electric Powerlogic Ion8400 Firmware | ||
| Schneider Electric Powerlogic Ion8500 Firmware | ||
| Schneider Electric Powerlogic Ion8500 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-22702?
CVE-2021-22702 is rated as a medium severity vulnerability due to the potential disclosure of sensitive information.
How do I fix CVE-2021-22702?
To remediate CVE-2021-22702, ensure that all affected PowerLogic ION devices are updated to the latest firmware version that addresses this vulnerability.
What systems are affected by CVE-2021-22702?
CVE-2021-22702 affects several PowerLogic ION models, including ION7400, ION7650, ION7700, ION8650, ION8800, ION9000, and PM8000.
What does CVE-2021-22702 expose?
CVE-2021-22702 exposes user credentials by allowing the cleartext transmission of sensitive information over the network.
Is CVE-2021-22702 a new vulnerability?
CVE-2021-22702 was publicly disclosed in 2021, focusing on vulnerabilities present in firmware versions of certain PowerLogic ION products.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric powerlogic ion7400 firmware
- canonical/schneider-electric ion7650 firmware
- canonical/schneider-electric powerlogic ion7650 firmware
- canonical/schneider-electric powerlogic ion7700 firmware
- canonical/schneider electric powerlogic ion7700
- canonical/schneider-electric powerlogic ion7300 firmware
- canonical/schneider-electric powerlogic ion8600 firmware
- canonical/schneider-electric ion8650 firmware
- version/schneider-electric ion8650 firmware/4.31.2
- canonical/schneider-electric powerlogic ion8650 firmware
- canonical/schneider-electric powerlogic ion8800 firmware
- canonical/schneider-electric powerlogic ion9000 firmware
- canonical/schneider-electric powerlogic pm8000 firmware
- canonical/schneider-electric powerlogic ion8300 firmware
- canonical/schneider-electric powerlogic ion8400 firmware
- canonical/schneider electric powerlogic ion8500 firmware