CVE-2021-22701

Published: Feb 19, 2021Modified: May 29, 2026

4.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.

Affected (10)

Products: Schneider Electric: Powerlogic Ion7400 Firmware, Powerlogic Ion7650 Firmware, Powerlogic Ion8600 Firmware, Powerlogic Ion8650 Firmware, Powerlogic Ion8800 Firmware, Powerlogic Ion9000 Firmware, Powerlogic Pm8000 Firmware, Powerlogic Ion8300 Firmware, Powerlogic Ion8400 Firmware, Powerlogic Ion8500 Firmware

Schneider Electric

10 products

Powerlogic Ion7400 Firmware

Powerlogic Ion7650 Firmware

Powerlogic Ion8600 Firmware

Powerlogic Ion8650 Firmware

Powerlogic Ion8800 Firmware

Powerlogic Ion9000 Firmware

Powerlogic Pm8000 Firmware

Powerlogic Ion8300 Firmware

Powerlogic Ion8400 Firmware

Powerlogic Ion8500 Firmware

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion7400 Firmware	Before 3.0.0

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion7400	All versions
Schneider Electric Powerlogic Ion7410	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion7650 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion7650	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion8600 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion8600	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion8650 Firmware	Up to 4.31.2

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion8650	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion8800 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion8800	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion9000 Firmware	Before 3.0.0

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion9000	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Pm8000 Firmware	Before 3.0.0

Running on/with	Platform Versions
Schneider Electric Powerlogic Pm8000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion8300 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion8300	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion8400 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion8400	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Ion8500 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Powerlogic Ion8500	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2021-040-01/

Source: cybersecurity@se.com

MitigationVendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2021-040-01/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.