← Back

CVE-2021-22764

nvd nist
Published: Jun 11, 2021Modified: May 29, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

Affected (4)

Schneider Electric
4 products
Powerlogic Pm5560 Firmware
Powerlogic Pm5561 Firmware
Powerlogic Pm5562 Firmware
Powerlogic Pm5563 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Pm5560 Firmware
Before 2.7.8
Running on/withPlatform Versions
Schneider Electric
Powerlogic Pm5560
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Pm5561 Firmware
Before 10.7.3
Running on/withPlatform Versions
Schneider Electric
Powerlogic Pm5561
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Pm5562 Firmware
Up to 2.5.4
Running on/withPlatform Versions
Schneider Electric
Powerlogic Pm5562
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Powerlogic Pm5563 Firmware
Before 2.7.8
Running on/withPlatform Versions
Schneider Electric
Powerlogic Pm5563
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

Source: cybersecurity@se.com
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.