All the vulnerabilites related to Schneider Electric - PowerLogic ION7400
var-202305-2074
Vulnerability from variot
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. Schneider Electric Provided by the company PowerLogic The product contains the following vulnerabilities: * Plain text transmission of important information (CWE-319) - CVE-2022-46680If the vulnerability is exploited, it may be affected as follows. It was * Sensitive information may be stolen by a remote third party, or service may be disrupted ( DoS ) or have data tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202305-2074", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerlogic ion9000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.0.0" }, { "model": "powerlogic pm8000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.0.0" }, { "model": "powerlogic ion8800", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "powerlogic ion7400", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.0.0" }, { "model": "powerlogic ion8650", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "legacy ion", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "powerlogic ion7400", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "powerlogic ion9000", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "powerlogic pm8000", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "powerlogic ion8800", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "powerlogic ion8650", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "db": "NVD", "id": "CVE-2022-46680" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-46680" } ] }, "cve": "CVE-2022-46680", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cybersecurity@se.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-46680", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-46680", "trust": 1.8, "value": "CRITICAL" }, { "author": "cybersecurity@se.com", "id": "CVE-2022-46680", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202305-1969", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "db": "CNNVD", "id": "CNNVD-202305-1969" }, { "db": "NVD", "id": "CVE-2022-46680" }, { "db": "NVD", "id": "CVE-2022-46680" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. Schneider Electric Provided by the company PowerLogic The product contains the following vulnerabilities: * Plain text transmission of important information (CWE-319) - CVE-2022-46680If the vulnerability is exploited, it may be affected as follows. It was * Sensitive information may be stolen by a remote third party, or service may be disrupted ( DoS ) or have data tampered with", "sources": [ { "db": "NVD", "id": "CVE-2022-46680" }, { "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "db": "VULMON", "id": "CVE-2022-46680" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-46680", "trust": 3.3 }, { "db": "SCHNEIDER", "id": "SEVD-2023-129-03", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-23-229-03", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93627577", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-002903", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202305-1969", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-46680", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-46680" }, { "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "db": "CNNVD", "id": "CNNVD-202305-1969" }, { "db": "NVD", "id": "CVE-2022-46680" } ] }, "id": "VAR-202305-2074", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-06-02T23:03:59.712000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Schneider\u00a0Electric\u00a0Security\u00a0Notification\u00a0PowerLogic\u00a0ION7400\u00a0/\u00a0PM8000\u00a0/\u00a0ION9000\u00a0Power\u00a0Meters (( PDF )", "trust": 0.8, "url": "https://www.se.com/us/en/download/document/7en52-0390/" }, { "title": "Schneider Electric PowerLogic Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=239320" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "db": "CNNVD", "id": "CNNVD-202305-1969" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-319", "trust": 1.0 }, { "problemtype": "Sending important information in clear text (CWE-319) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "db": "NVD", "id": "CVE-2022-46680" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-129-03\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-129-03.pdf" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93627577/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-46680" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-03" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-46680/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/319.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-46680" }, { "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "db": "CNNVD", "id": "CNNVD-202305-1969" }, { "db": "NVD", "id": "CVE-2022-46680" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-46680" }, { "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "db": "CNNVD", "id": "CNNVD-202305-1969" }, { "db": "NVD", "id": "CVE-2022-46680" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-22T00:00:00", "db": "VULMON", "id": "CVE-2022-46680" }, { "date": "2023-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "date": "2023-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202305-1969" }, { "date": "2023-05-22T14:15:09.433000", "db": "NVD", "id": "CVE-2022-46680" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-22T00:00:00", "db": "VULMON", "id": "CVE-2022-46680" }, { "date": "2024-05-29T08:48:00", "db": "JVNDB", "id": "JVNDB-2023-002903" }, { "date": "2023-05-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202305-1969" }, { "date": "2023-05-27T00:54:48.257000", "db": "NVD", "id": "CVE-2022-46680" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-1969" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider\u00a0Electric\u00a0 Made \u00a0PowerLogic\u00a0 Vulnerability of Plain Text Transmission of Sensitive Information in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002903" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-1969" } ], "trust": 0.6 } }
var-202102-0529
Vulnerability from variot
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0529", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerlogic ion8650", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "4.31.2" }, { "model": "powerlogic pm8000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion8600", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion8300", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion8800", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion9000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion8500", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion7400", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion8400", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion7650", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22703" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.31.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22703" } ] }, "cve": "CVE-2021-22703", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22703", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-1425", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22703" }, { "db": "CNNVD", "id": "CNNVD-202102-1425" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.", "sources": [ { "db": "NVD", "id": "CVE-2021-22703" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SCHNEIDER", "id": "SEVD-2021-040-01", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-22703", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-202102-1425", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22703" }, { "db": "CNNVD", "id": "CNNVD-202102-1425" } ] }, "id": "VAR-202102-0529", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2023-12-18T13:01:25.568000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Schneider PowerLogic Product information disclosure vulnerability repair measures", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142859" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1425" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-319", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22703" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.se.com/ww/en/download/document/sevd-2021-040-01/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22703" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22703" }, { "db": "CNNVD", "id": "CNNVD-202102-1425" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-22703" }, { "db": "CNNVD", "id": "CNNVD-202102-1425" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-19T16:15:13.157000", "db": "NVD", "id": "CVE-2021-22703" }, { "date": "2021-02-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1425" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-03T16:20:31.973000", "db": "NVD", "id": "CVE-2021-22703" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1425" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1425" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider PowerLogic Product Information Disclosure Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1425" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1425" } ], "trust": 0.6 } }
var-202102-0527
Vulnerability from variot
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0527", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerlogic ion8650", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "4.31.2" }, { "model": "powerlogic pm8000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion8600", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion8300", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion8800", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion9000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion8500", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion7400", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion8400", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion7650", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22701" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7410:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.31.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22701" } ] }, "cve": "CVE-2021-22701", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 0.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22701", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-1429", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22701" }, { "db": "CNNVD", "id": "CNNVD-202102-1429" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.", "sources": [ { "db": "NVD", "id": "CVE-2021-22701" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SCHNEIDER", "id": "SEVD-2021-040-01", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-22701", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-202102-1429", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22701" }, { "db": "CNNVD", "id": "CNNVD-202102-1429" } ] }, "id": "VAR-202102-0527", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2023-12-18T13:01:25.589000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Schneider PowerLogic Repair measures for product cross-site request forgery vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142862" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1429" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22701" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.se.com/ww/en/download/document/sevd-2021-040-01/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22701" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22701" }, { "db": "CNNVD", "id": "CNNVD-202102-1429" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-22701" }, { "db": "CNNVD", "id": "CNNVD-202102-1429" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-19T16:15:12.937000", "db": "NVD", "id": "CVE-2021-22701" }, { "date": "2021-02-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1429" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-03T16:15:56.727000", "db": "NVD", "id": "CVE-2021-22701" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1429" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1429" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider PowerLogic Product Cross-Site Request Forgery Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1429" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1429" } ], "trust": 0.6 } }
var-202102-0528
Vulnerability from variot
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0528", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerlogic ion7300", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion8650", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "4.31.2" }, { "model": "powerlogic pm8000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion8600", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion8300", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion8800", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion8400", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion9000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion8500", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion7400", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion7700", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "powerlogic ion7650", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22702" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7700_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.31.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion8500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22702" } ] }, "cve": "CVE-2021-22702", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22702", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202102-1427", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22702" }, { "db": "CNNVD", "id": "CNNVD-202102-1427" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.", "sources": [ { "db": "NVD", "id": "CVE-2021-22702" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SCHNEIDER", "id": "SEVD-2021-040-01", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-22702", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-202102-1427", "trust": 0.6 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22702" }, { "db": "CNNVD", "id": "CNNVD-202102-1427" } ] }, "id": "VAR-202102-0528", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2023-12-18T13:01:25.609000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Schneider PowerLogic Product information disclosure vulnerability repair measures", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142860" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1427" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-319", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22702" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.se.com/ww/en/download/document/sevd-2021-040-01/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22702" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22702" }, { "db": "CNNVD", "id": "CNNVD-202102-1427" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2021-22702" }, { "db": "CNNVD", "id": "CNNVD-202102-1427" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-19T16:15:13.077000", "db": "NVD", "id": "CVE-2021-22702" }, { "date": "2021-02-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1427" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-03T16:17:57.420000", "db": "NVD", "id": "CVE-2021-22702" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-1427" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1427" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider PowerLogic Product Information Disclosure Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1427" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-1427" } ], "trust": 0.6 } }
var-202103-0445
Vulnerability from variot
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution. plural Schneider Electric The product contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric) company. Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators.
PowerLogic ION7400, PM8000 and ION9000 have a buffer overflow vulnerability, which stems from improper restrictions on operations in the memory buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0445", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerlogic ion9000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion7400", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic pm8000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.0.0" }, { "model": "powerlogic ion7400", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "powerlogic pm8000", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "powerlogic ion9000", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "electric powerlogic ion9000", "scope": "lt", "trust": 0.6, "vendor": "schneider", "version": "v3.0.0" }, { "model": "electric powerlogic pm8000", "scope": "lt", "trust": 0.6, "vendor": "schneider", "version": "v3.0.0" }, { "model": "electric powerlogic ion7400", "scope": "lt", "trust": 0.6, "vendor": "schneider", "version": "v3.0.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-31176" }, { "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "db": "NVD", "id": "CVE-2021-22714" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22714" } ] }, "cve": "CVE-2021-22714", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-22714", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-31176", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22714", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22714", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2021-31176", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202103-827", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-31176" }, { "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "db": "NVD", "id": "CVE-2021-22714" }, { "db": "CNNVD", "id": "CNNVD-202103-827" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution. plural Schneider Electric The product contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric) company. Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators. \n\r\n\r\nPowerLogic ION7400, PM8000 and ION9000 have a buffer overflow vulnerability, which stems from improper restrictions on operations in the memory buffer", "sources": [ { "db": "NVD", "id": "CVE-2021-22714" }, { "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "db": "CNVD", "id": "CNVD-2021-31176" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22714", "trust": 3.0 }, { "db": "SCHNEIDER", "id": "SEVD-2021-068-02", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2021-004653", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-31176", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202103-827", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-31176" }, { "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "db": "NVD", "id": "CVE-2021-22714" }, { "db": "CNNVD", "id": "CNNVD-202103-827" } ] }, "id": "VAR-202103-0445", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-31176" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-31176" } ] }, "last_update_date": "2023-12-18T12:26:59.780000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2021-068-02", "trust": 0.8, "url": "https://www.se.com/ww/en/download/document/sevd-2021-068-02" }, { "title": "Patch for Schneider Electric PowerLogic buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/261431" }, { "title": "Schneider Electric PowerLogic Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=144835" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-31176" }, { "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "db": "CNNVD", "id": "CNNVD-202103-827" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "db": "NVD", "id": "CVE-2021-22714" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22714" }, { "trust": 1.6, "url": "https://www.se.com/ww/en/download/document/sevd-2021-068-02" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-31176" }, { "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "db": "NVD", "id": "CVE-2021-22714" }, { "db": "CNNVD", "id": "CNNVD-202103-827" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-31176" }, { "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "db": "NVD", "id": "CVE-2021-22714" }, { "db": "CNNVD", "id": "CNNVD-202103-827" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-26T00:00:00", "db": "CNVD", "id": "CNVD-2021-31176" }, { "date": "2021-11-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "date": "2021-03-11T21:15:12.497000", "db": "NVD", "id": "CVE-2021-22714" }, { "date": "2021-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202103-827" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-26T00:00:00", "db": "CNVD", "id": "CNVD-2021-31176" }, { "date": "2021-11-25T08:23:00", "db": "JVNDB", "id": "JVNDB-2021-004653" }, { "date": "2022-02-03T16:21:08.537000", "db": "NVD", "id": "CVE-2021-22714" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202103-827" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-827" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Buffer error vulnerability in the product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004653" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-827" } ], "trust": 0.6 } }
cve-2022-46680
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PowerLogic ION9000", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Prior to 4.0.0" } ] }, { "defaultStatus": "unaffected", "product": "PowerLogic ION7400", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Prior to 4.0.0" } ] }, { "defaultStatus": "unaffected", "product": " PowerLogic PM8000", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Prior to 4.0.0" } ] }, { "defaultStatus": "unaffected", "product": "PowerLogic ION8650", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "PowerLogic ION8800", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Legacy ION products", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] } ], "datePublic": "2023-05-09T13:18:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n" } ], "value": "\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-22T13:25:40.615Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-03.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-46680", "datePublished": "2023-05-22T13:25:40.615Z", "dateReserved": "2022-12-06T21:51:38.755Z", "dateUpdated": "2024-08-03T14:39:38.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }