ID

VAR-202106-0541


CVE

CVE-2021-22763


TITLE

Password management vulnerability in multiple Schneider Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2021-008269

DESCRIPTION

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator-level access to a device. Multiple Schneider Electric products contain a vulnerability related to the password management function. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2021-22763 // JVNDB: JVNDB-2021-008269 // VULMON: CVE-2021-22763

AFFECTED PRODUCTS

vendor: schneider electric // model: powerlogic pm5561 // scope: lt // version: 10.7.3

Trust: 1.0

vendor: schneider electric // model: powerlogic pm5562 // scope: lte // version: 2.5.4

Trust: 1.0

vendor: schneider electric // model: powerlogic pm5563 // scope: lt // version: 2.7.8

Trust: 1.0

vendor: schneider electric // model: powerlogic pm5560 // scope: lt // version: 2.7.8

Trust: 1.0

vendor: schneider electric // model: powerlogic pm8ecc // scope: eq // version: *

Trust: 1.0

vendor: schneider electric // model: powerlogic pm8ecc // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: powerlogic pm5560 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: powerlogic pm5561 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: powerlogic pm5562 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: powerlogic pm5563 // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008269 // NVD: CVE-2021-22763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22763
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-22763
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202106-1009
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-22763
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-22763
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-22763
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22763
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-22763 // JVNDB: JVNDB-2021-008269 // CNNVD: CNNVD-202106-1009 // NVD: CVE-2021-22763

PROBLEMTYPE DATA

problemtype:CWE-640

Trust: 1.0

problemtype: Weak Password Recovery Mechanism for Forgotten Password (CWE-640) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008269 // NVD: CVE-2021-22763

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1009

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202106-1009

PATCH

title: SEVD-2021-159-02 Security Notification // url: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02

Trust: 0.8

title: PowerLogic EGX300 Remediation measures for authorization problem vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155018

Trust: 0.6

sources: JVNDB: JVNDB-2021-008269 // CNNVD: CNNVD-202106-1009

EXTERNAL IDS

db: NVD // id: CVE-2021-22763

Trust: 3.3

db: SCHNEIDER // id: SEVD-2021-159-02

Trust: 1.7

db: ICS CERT // id: ICSA-24-331-01

Trust: 0.8

db: JVN // id: JVNVU91762971

Trust: 0.8

db: JVNDB // id: JVNDB-2021-008269

Trust: 0.8

db: SCHNEIDER // id: SEVD-2021-159-03

Trust: 0.6

db: CNNVD // id: CNNVD-202106-1009

Trust: 0.6

db: VULMON // id: CVE-2021-22763

Trust: 0.1

sources: VULMON: CVE-2021-22763 // JVNDB: JVNDB-2021-008269 // CNNVD: CNNVD-202106-1009 // NVD: CVE-2021-22763

REFERENCES

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-02%2chttp://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03

Trust: 1.0

url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2021-159-02.pdf

Trust: 1.0

url:https://jvn.jp/vu/jvnvu91762971/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-22763

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-331-01

Trust: 0.8

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03

Trust: 0.6

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-02

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-22763

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/640.html

Trust: 0.1

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-02,http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-22763 // JVNDB: JVNDB-2021-008269 // CNNVD: CNNVD-202106-1009 // NVD: CVE-2021-22763

SOURCES

db: VULMON // id: CVE-2021-22763
db: JVNDB // id: JVNDB-2021-008269
db: CNNVD // id: CNNVD-202106-1009
db: NVD // id: CVE-2021-22763

LAST UPDATE DATE

2024-11-29T22:41:05.395000+00:00


SOURCES UPDATE DATE

db: VULMON // id: CVE-2021-22763 // date: 2021-06-23T00:00:00
db: JVNDB // id: JVNDB-2021-008269 // date: 2024-11-29T06:22:00
db: CNNVD // id: CNNVD-202106-1009 // date: 2021-08-16T00:00:00
db: NVD // id: CVE-2021-22763 // date: 2024-11-24T15:15:04.450

SOURCES RELEASE DATE

db: VULMON // id: CVE-2021-22763 // date: 2021-06-11T00:00:00
db: JVNDB // id: JVNDB-2021-008269 // date: 2022-03-10T00:00:00
db: CNNVD // id: CNNVD-202106-1009 // date: 2021-06-11T00:00:00
db: NVD // id: CVE-2021-22763 // date: 2021-06-11T16:15:10.320