← Back

CVE-2021-22702

nvd nist
Published: Feb 19, 2021Modified: May 29, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.

Affected (12)

Schneider Electric
12 products
Powerlogic Ion7400 Firmware
Powerlogic Ion7650 Firmware
Powerlogic Ion7700 Firmware
Powerlogic Ion7300 Firmware
Powerlogic Ion8600 Firmware
Powerlogic Ion8650 Firmware
Powerlogic Ion8800 Firmware
Powerlogic Ion9000 Firmware
Powerlogic Pm8000 Firmware
Powerlogic Ion8300 Firmware
Powerlogic Ion8400 Firmware
Powerlogic Ion8500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion7400 Firmware
Before 3.0.0
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion7400
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion7650 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion7650
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion7700 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion7700
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion7300 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion7300
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion8600 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion8600
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion8650 Firmware
Up to 4.31.2
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion8650
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion8800 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion8800
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion9000 Firmware
Before 3.0.0
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion9000
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Pm8000 Firmware
Before 3.0.0
Running on/withPlatform Versions
Schneider Electric
Powerlogic Pm8000
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion8300 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion8300
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion8400 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion8400
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Ion8500 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Powerlogic Ion8500
All versions

Related CWEs

CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

Source: cybersecurity@se.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.