Details of VAR-202106-0542

ID

VAR-202106-0542

CVE

CVE-2021-22764

TITLE

plural Schneider Electric Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-008270

DESCRIPTION

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request. plural Schneider Electric The product contains an authentication vulnerability.Denial of service (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2021-22764 // JVNDB: JVNDB-2021-008270

AFFECTED PRODUCTS

vendor:	schneider electric	model:	powerlogic pm5561	scope:	lt	version:	10.7.3	Trust: 1.0
vendor:	schneider electric	model:	powerlogic pm5563	scope:	lt	version:	2.7.8	Trust: 1.0
vendor:	schneider electric	model:	powerlogic pm5560	scope:	lt	version:	2.7.8	Trust: 1.0
vendor:	schneider electric	model:	powerlogic pm5562	scope:	lte	version:	2.5.4	Trust: 1.0
vendor:	schneider electric	model:	powerlogic pm5562	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	powerlogic pm5563	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	powerlogic pm5560	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	powerlogic pm5561	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008270 // NVD: CVE-2021-22764

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22764
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22764
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202106-1008
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-22764
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-22764
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22764
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-008270 // CNNVD: CNNVD-202106-1008 // NVD: CVE-2021-22764

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008270 // NVD: CVE-2021-22764

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202106-1008

PATCH

title:	SEVD-2021-159-02 Security Notification	url:	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02	Trust: 0.8
title:	Schneider Electric PowerLogic Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154376	Trust: 0.6

sources: JVNDB: JVNDB-2021-008270 // CNNVD: CNNVD-202106-1008

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22764	Trust: 3.2
db:	SCHNEIDER	id:	SEVD-2021-159-02	Trust: 1.6
db:	JVNDB	id:	JVNDB-2021-008270	Trust: 0.8
db:	SCHNEIDER	id:	SEVD-2021-159-03	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1008	Trust: 0.6

sources: JVNDB: JVNDB-2021-008270 // CNNVD: CNNVD-202106-1008 // NVD: CVE-2021-22764

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-22764	Trust: 1.4
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-02%2chttp://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03	Trust: 1.0
url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2021-159-02.pdf	Trust: 1.0
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03	Trust: 0.6
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-02	Trust: 0.6

sources: JVNDB: JVNDB-2021-008270 // CNNVD: CNNVD-202106-1008 // NVD: CVE-2021-22764

SOURCES

db:	JVNDB	id:	JVNDB-2021-008270
db:	CNNVD	id:	CNNVD-202106-1008
db:	NVD	id:	CVE-2021-22764

LAST UPDATE DATE

2024-11-25T23:05:26.628000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-008270	date:	2022-03-10T07:10:00
db:	CNNVD	id:	CNNVD-202106-1008	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-22764	date:	2024-11-24T15:15:04.637

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-008270	date:	2022-03-10T00:00:00
db:	CNNVD	id:	CNNVD-202106-1008	date:	2021-06-11T00:00:00
db:	NVD	id:	CVE-2021-22764	date:	2021-06-11T16:15:10.390