FKIE_CVE-2021-22763

Vulnerability from fkie_nvd - Published: 2021-06-11 16:15 - Updated: 2024-11-24 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf
af854a3a-2127-422b-91ae-364da2661108http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03
Impacted products
Vendor Product Version
schneider-electric powerlogic_pm5560_firmware *
schneider-electric powerlogic_pm5560 -
schneider-electric powerlogic_pm5561_firmware *
schneider-electric powerlogic_pm5561 -
schneider-electric powerlogic_pm5562_firmware *
schneider-electric powerlogic_pm5562 -
schneider-electric powerlogic_pm5563_firmware *
schneider-electric powerlogic_pm5563 -
schneider-electric powerlogic_pm8ecc_firmware *
schneider-electric powerlogic_pm8ecc -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8EC9ED-1E27-40B8-84A8-F66BC9FD0803",
              "versionEndExcluding": "2.7.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm5560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB1B76-3862-462E-B55D-875EBE508B92",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm5561_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE3EFC50-39EA-4029-9713-9D191357DD29",
              "versionEndExcluding": "10.7.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm5561:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D6C9E0-7DB3-4742-86F0-3430E99D1B1D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm5562_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBB46A2-4EAD-41DA-AC02-5E985EB755A1",
              "versionEndIncluding": "2.5.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm5562:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D7896E-3EFA-4632-B0D2-273084D56936",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm5563_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E870589-0ADF-4B76-89CF-2D36F5C61CF0",
              "versionEndExcluding": "2.7.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm5563:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D4C9C4-C258-453B-85E4-893978D6C499",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm8ecc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "064A8AD3-3657-4E66-8A7E-397DAF03BC96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm8ecc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BF2D7A-492B-4A0C-A841-A245C5657192",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device."
    },
    {
      "lang": "es",
      "value": "Un CWE-640: Se presenta un Mecanismo D\u00e9bil de Recuperaci\u00f3n de Contrase\u00f1as para Contrase\u00f1as Olvidadas en PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 y PowerLogic EGX300 (v\u00e9ase la notificaci\u00f3n de seguridad para obtener informaci\u00f3n sobre la versi\u00f3n) que podr\u00eda permitir a un atacante el acceso a nivel de administrador a un dispositivo"
    }
  ],
  "id": "CVE-2021-22763",
  "lastModified": "2024-11-24T15:15:04.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-11T16:15:10.320",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-159-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.