CVE-2021-22763

Published: Jun 11, 2021Modified: May 29, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

Affected (5)

Products: Schneider Electric: Powerlogic Pm5560 Firmware, Powerlogic Pm5561 Firmware, Powerlogic Pm5562 Firmware, Powerlogic Pm5563 Firmware, Powerlogic Pm8ecc Firmware

Schneider Electric

5 products

Powerlogic Pm5560 Firmware

Powerlogic Pm5561 Firmware

Powerlogic Pm5562 Firmware

Powerlogic Pm5563 Firmware

Powerlogic Pm8ecc Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Pm5560 Firmware	Before 2.7.8

Running on/with	Platform Versions
Schneider Electric Powerlogic Pm5560	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Pm5561 Firmware	Before 10.7.3

Running on/with	Platform Versions
Schneider Electric Powerlogic Pm5561	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Pm5562 Firmware	Up to 2.5.4

Running on/with	Platform Versions
Schneider Electric Powerlogic Pm5562	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Pm5563 Firmware	Before 2.7.8

Running on/with	Platform Versions
Schneider Electric Powerlogic Pm5563	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Pm8ecc Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Powerlogic Pm8ecc	All versions

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf

Source: cybersecurity@se.com

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.