ID

VAR-202106-0543


CVE

CVE-2021-22765


TITLE

PowerLogic EGX100 and PowerLogic EGX300 Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008271

DESCRIPTION

** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 are affected by an input validation vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2021-22765 // JVNDB: JVNDB-2021-008271

AFFECTED PRODUCTS

vendor: schneider electric, model: powerlogic egx100, scope: gte, version: 3.0.0

Trust: 1.0

vendor: schneider electric, model: powerlogic egx300, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: powerlogic egx100, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: powerlogic egx300, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008271 // NVD: CVE-2021-22765

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22765
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202106-1007
value: CRITICAL

Trust: 0.6

NVD: CVE-2021-22765
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2021-22765
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22765
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-008271 // CNNVD: CNNVD-202106-1007 // NVD: CVE-2021-22765

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper Input Validation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008271 // NVD: CVE-2021-22765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1007

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202106-1007

CONFIGURATIONS

sources: NVD: CVE-2021-22765

PATCH

title: SEVD-2021-159-03, url: https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03

Trust: 0.8

title: Fix for the PowerLogic EGX300 input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155017

Trust: 0.6

sources: JVNDB: JVNDB-2021-008271 // CNNVD: CNNVD-202106-1007

EXTERNAL IDS

db: NVD, id: CVE-2021-22765

Trust: 3.2

db: SCHNEIDER, id: SEVD-2021-159-03

Trust: 1.6

db: JVNDB, id: JVNDB-2021-008271

Trust: 0.8

db: CNNVD, id: CNNVD-202106-1007

Trust: 0.6

sources: JVNDB: JVNDB-2021-008271 // CNNVD: CNNVD-202106-1007 // NVD: CVE-2021-22765

REFERENCES

url: http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-22765

Trust: 1.4

sources: JVNDB: JVNDB-2021-008271 // CNNVD: CNNVD-202106-1007 // NVD: CVE-2021-22765

SOURCES

db: JVNDB, id: JVNDB-2021-008271
db: CNNVD, id: CNNVD-202106-1007
db: NVD, id: CVE-2021-22765

LAST UPDATE DATE

2022-05-06T08:27:15.719000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-008271, date: 2022-03-10T07:10:00
db: CNNVD, id: CNNVD-202106-1007, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-22765, date: 2022-01-31T20:07:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-008271, date: 2022-03-10T00:00:00
db: CNNVD, id: CNNVD-202106-1007, date: 2021-06-11T00:00:00
db: NVD, id: CVE-2021-22765, date: 2021-06-11T16:15:00