CVE-2021-22763
First published: Fri Jun 11 2021(Updated: )
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.
Credit: cybersecurity@se.com cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Powerlogic PM5560 Firmware | <2.7.8 | |
| Schneider-electric Powerlogic PM5560 Firmware | ||
| Schneider Electric Powerlogic PM5561 Firmware | <10.7.3 | |
| Schneider Electric PowerLogic PM5561 | ||
| Schneider Electric PowerLogic PM5562 Firmware | <=2.5.4 | |
| Schneider Electric PowerLogic PM5562 | ||
| Schneider Electric Powerlogic PM5563 Firmware | <2.7.8 | |
| Schneider-electric Powerlogic Pm5563 Firmware | ||
| Schneider Electric PowerLogic PM8ECC Firmware | ||
| Schneider-electric Powerlogic Pm8ecc Firmware | ||
| All of | ||
| Schneider-electric Powerlogic PM5560 Firmware | <2.7.8 | |
| Schneider-electric Powerlogic PM5560 Firmware | ||
| All of | ||
| Schneider Electric Powerlogic PM5561 Firmware | <10.7.3 | |
| Schneider Electric PowerLogic PM5561 | ||
| All of | ||
| Schneider Electric PowerLogic PM5562 Firmware | <=2.5.4 | |
| Schneider Electric PowerLogic PM5562 | ||
| All of | ||
| Schneider Electric Powerlogic PM5563 Firmware | <2.7.8 | |
| Schneider-electric Powerlogic Pm5563 Firmware | ||
| All of | ||
| Schneider Electric PowerLogic PM8ECC Firmware | ||
| Schneider-electric Powerlogic Pm8ecc Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03
Frequently Asked Questions
What is the severity of CVE-2021-22763?
The severity of CVE-2021-22763 is classified as high due to its potential to allow administrator level access to devices.
How do I fix CVE-2021-22763?
To fix CVE-2021-22763, users should update to the latest firmware version as recommended by Schneider Electric.
Which devices are affected by CVE-2021-22763?
CVE-2021-22763 affects the PowerLogic PM55xx, PM8ECC, EGX100, and EGX300 devices.
What is the nature of the vulnerability in CVE-2021-22763?
CVE-2021-22763 involves a weak password recovery mechanism for forgotten passwords.
Can CVE-2021-22763 be exploited remotely?
Yes, CVE-2021-22763 can be exploited remotely, making it critical to address this vulnerability promptly.
- agent/type
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/schneider-electric
- canonical/schneider-electric powerlogic pm5560 firmware
- canonical/schneider electric powerlogic pm5561 firmware
- canonical/schneider electric powerlogic pm5561
- canonical/schneider electric powerlogic pm5562 firmware
- version/schneider electric powerlogic pm5562 firmware/2.5.4
- canonical/schneider electric powerlogic pm5562
- canonical/schneider electric powerlogic pm5563 firmware
- canonical/schneider-electric powerlogic pm5563 firmware
- canonical/schneider electric powerlogic pm8ecc firmware
- canonical/schneider-electric powerlogic pm8ecc firmware