First published: Fri Feb 19 2021(Updated: )
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Powerlogic Ion7400 Firmware | <3.0.0 | |
Schneider-electric Powerlogic Ion7400 | ||
Schneider-electric Powerlogic Ion7650 Firmware | ||
Schneider-electric Powerlogic Ion7650 | ||
Schneider-electric Powerlogic Ion8600 Firmware | ||
Schneider-electric Powerlogic Ion8600 | ||
Schneider-electric Powerlogic Ion8650 Firmware | <=4.31.2 | |
Schneider-electric Powerlogic Ion8650 | ||
Schneider-electric Powerlogic Ion8800 Firmware | ||
Schneider-electric Powerlogic Ion8800 | ||
Schneider-electric Powerlogic Ion9000 Firmware | <3.0.0 | |
Schneider-electric Powerlogic Ion9000 | ||
Schneider-electric Powerlogic Pm8000 Firmware | <3.0.0 | |
Schneider-electric Powerlogic Pm8000 | ||
Schneider-electric Powerlogic Ion8300 Firmware | ||
Schneider-electric Powerlogic Ion8300 | ||
Schneider-electric Powerlogic Ion8400 Firmware | ||
Schneider-electric Powerlogic Ion8400 | ||
Schneider-electric Powerlogic Ion8500 Firmware | ||
Schneider-electric Powerlogic Ion8500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.