What is the severity of CVE-2021-22764?

CVE-2021-22764 is classified as a CWE-287: Improper Authentication vulnerability.

How do I fix CVE-2021-22764?

To address CVE-2021-22764, ensure that your PowerLogic devices are updated to a version that is not vulnerable as specified in the security notification.

Which devices are affected by CVE-2021-22764?

CVE-2021-22764 affects the PowerLogic PM55xx, PM8ECC, EGX100, and EGX300 models.

What could happen if I am vulnerable to CVE-2021-22764?

If vulnerable to CVE-2021-22764, an attacker might cause a loss of connectivity to the device via the Modbus TCP protocol.

Is there a workaround for CVE-2021-22764?

Currently, the recommended action for CVE-2021-22764 is to apply the latest firmware updates for affected devices as there are no specific workarounds.

Vulnerability/
CVE-2021-22764

medium

5.3

CWE

287

11/6/2021

24/11/2024

CVE-2021-22764

First published: Fri Jun 11 2021(Updated: )

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

Credit: cybersecurity@se.com cybersecurity@se.com

Affected Software	Affected Version	How to fix
Schneider-electric Powerlogic Pm5560 Firmware	<2.7.8
Schneider-electric Powerlogic Pm5560
Schneider-electric Powerlogic Pm5561 Firmware	<10.7.3
Schneider-electric Powerlogic Pm5561
Schneider-electric Powerlogic Pm5562 Firmware	<=2.5.4
Schneider-electric Powerlogic Pm5562
Schneider-electric Powerlogic Pm5563 Firmware	<2.7.8
Schneider-electric Powerlogic Pm5563
All of
Schneider-electric Powerlogic Pm5560 Firmware	<2.7.8
Schneider-electric Powerlogic Pm5560
All of
Schneider-electric Powerlogic Pm5561 Firmware	<10.7.3
Schneider-electric Powerlogic Pm5561
All of
Schneider-electric Powerlogic Pm5562 Firmware	<=2.5.4
Schneider-electric Powerlogic Pm5562
All of
Schneider-electric Powerlogic Pm5563 Firmware	<2.7.8
Schneider-electric Powerlogic Pm5563

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-22764?
CVE-2021-22764 is classified as a CWE-287: Improper Authentication vulnerability.
How do I fix CVE-2021-22764?
To address CVE-2021-22764, ensure that your PowerLogic devices are updated to a version that is not vulnerable as specified in the security notification.
Which devices are affected by CVE-2021-22764?
CVE-2021-22764 affects the PowerLogic PM55xx, PM8ECC, EGX100, and EGX300 models.
What could happen if I am vulnerable to CVE-2021-22764?
If vulnerable to CVE-2021-22764, an attacker might cause a loss of connectivity to the device via the Modbus TCP protocol.
Is there a workaround for CVE-2021-22764?
Currently, the recommended action for CVE-2021-22764 is to apply the latest firmware updates for affected devices as there are no specific workarounds.

collector/nvd-index
agent/type
agent/weakness
agent/severity
agent/first-publish-date
agent/description
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/last-modified-date
agent/references
agent/event
agent/softwarecombine
agent/tags
agent/source
vendor/schneider-electric
canonical/schneider-electric powerlogic pm5560 firmware
canonical/schneider-electric powerlogic pm5560
canonical/schneider-electric powerlogic pm5561 firmware
canonical/schneider-electric powerlogic pm5561
canonical/schneider-electric powerlogic pm5562 firmware
version/schneider-electric powerlogic pm5562 firmware/2.5.4
canonical/schneider-electric powerlogic pm5562
canonical/schneider-electric powerlogic pm5563 firmware
canonical/schneider-electric powerlogic pm5563

Frequently Asked Questions

What is the severity of CVE-2021-22764?
CVE-2021-22764 is classified as a CWE-287: Improper Authentication vulnerability.
How do I fix CVE-2021-22764?
To address CVE-2021-22764, ensure that your PowerLogic devices are updated to a version that is not vulnerable as specified in the security notification.
Which devices are affected by CVE-2021-22764?
CVE-2021-22764 affects the PowerLogic PM55xx, PM8ECC, EGX100, and EGX300 models.
What could happen if I am vulnerable to CVE-2021-22764?
If vulnerable to CVE-2021-22764, an attacker might cause a loss of connectivity to the device via the Modbus TCP protocol.
Is there a workaround for CVE-2021-22764?
Currently, the recommended action for CVE-2021-22764 is to apply the latest firmware updates for affected devices as there are no specific workarounds.

CVE-2021-22764

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-22764?

How do I fix CVE-2021-22764?

Which devices are affected by CVE-2021-22764?

What could happen if I am vulnerable to CVE-2021-22764?

Is there a workaround for CVE-2021-22764?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2021-22764?

How do I fix CVE-2021-22764?

Which devices are affected by CVE-2021-22764?

What could happen if I am vulnerable to CVE-2021-22764?

Is there a workaround for CVE-2021-22764?