ID

VAR-202103-0445


CVE

CVE-2021-22714


TITLE

Buffer error vulnerability in multiple Schneider Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2021-004653

DESCRIPTION

A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution. Multiple Schneider Electric products contain a buffer error vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Schneider Electric PowerLogic is industrial control equipment from the French company Schneider Electric. It provides improved power factor to improve power quality and eliminate power failures, thereby protecting the network, devices and operators. PowerLogic ION7400, PM8000 and ION9000 have a buffer overflow vulnerability, which stems from improper restrictions on operations in the memory buffer.

Trust: 2.16

sources: NVD: CVE-2021-22714 // JVNDB: JVNDB-2021-004653 // CNVD: CNVD-2021-31176

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-31176

AFFECTED PRODUCTS

vendor: schneider electric, model: powerlogic ion9000, scope: lt, version: 3.0.0

Trust: 1.0

vendor: schneider electric, model: powerlogic pm8000, scope: lt, version: 3.0.0

Trust: 1.0

vendor: schneider electric, model: powerlogic ion7400, scope: lt, version: 3.0.0

Trust: 1.0

vendor: schneider electric, model: powerlogic ion7400, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: powerlogic pm8000, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: powerlogic ion9000, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric powerlogic ion9000, scope: lt, version: v3.0.0

Trust: 0.6

vendor: schneider, model: electric powerlogic pm8000, scope: lt, version: v3.0.0

Trust: 0.6

vendor: schneider, model: electric powerlogic ion7400, scope: lt, version: v3.0.0

Trust: 0.6

sources: CNVD: CNVD-2021-31176 // JVNDB: JVNDB-2021-004653 // NVD: CVE-2021-22714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22714
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-22714
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-31176
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-827
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-22714
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-31176
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22714
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22714
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-31176 // JVNDB: JVNDB-2021-004653 // CNNVD: CNNVD-202103-827 // NVD: CVE-2021-22714

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004653 // NVD: CVE-2021-22714

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-827

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-827

PATCH

title: SEVD-2021-068-02, url: https://www.se.com/ww/en/download/document/SEVD-2021-068-02

Trust: 0.8

title: Patch for Schneider Electric PowerLogic buffer overflow vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/261431

Trust: 0.6

title: Schneider Electric PowerLogic Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144835

Trust: 0.6

sources: CNVD: CNVD-2021-31176 // JVNDB: JVNDB-2021-004653 // CNNVD: CNNVD-202103-827

EXTERNAL IDS

db: NVD, id: CVE-2021-22714

Trust: 3.0

db: SCHNEIDER, id: SEVD-2021-068-02

Trust: 1.6

db: JVNDB, id: JVNDB-2021-004653

Trust: 0.8

db: CNVD, id: CNVD-2021-31176

Trust: 0.6

db: CNNVD, id: CNNVD-202103-827

Trust: 0.6

sources: CNVD: CNVD-2021-31176 // JVNDB: JVNDB-2021-004653 // CNNVD: CNNVD-202103-827 // NVD: CVE-2021-22714

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-22714

Trust: 2.0

url:https://www.se.com/ww/en/download/document/sevd-2021-068-02

Trust: 1.6

sources: CNVD: CNVD-2021-31176 // JVNDB: JVNDB-2021-004653 // CNNVD: CNNVD-202103-827 // NVD: CVE-2021-22714

SOURCES

db: CNVD, id: CNVD-2021-31176
db: JVNDB, id: JVNDB-2021-004653
db: CNNVD, id: CNNVD-202103-827
db: NVD, id: CVE-2021-22714

LAST UPDATE DATE

2024-11-23T22:51:06.810000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-31176, date: 2021-04-26T00:00:00
db: JVNDB, id: JVNDB-2021-004653, date: 2021-11-25T08:23:00
db: CNNVD, id: CNNVD-202103-827, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-22714, date: 2024-11-21T05:50:31.077

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-31176, date: 2021-04-26T00:00:00
db: JVNDB, id: JVNDB-2021-004653, date: 2021-11-25T00:00:00
db: CNNVD, id: CNNVD-202103-827, date: 2021-03-11T00:00:00
db: NVD, id: CVE-2021-22714, date: 2021-03-11T21:15:12.497