Details of VAR-202106-0544

ID

VAR-202106-0544

CVE

CVE-2021-22766

TITLE

PowerLogic EGX100 and PowerLogic EGX300 Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008272

DESCRIPTION

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric). Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators. Schneider Electric PowerLogic EGX100 and EGX100 have an input validation error vulnerability

Trust: 2.16

sources: NVD: CVE-2021-22766 // JVNDB: JVNDB-2021-008272 // CNVD: CNVD-2021-46282

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-46282

AFFECTED PRODUCTS

vendor:	schneider electric	model:	powerlogic egx100	scope:	gte	version:	3.0.0	Trust: 1.0
vendor:	schneider electric	model:	powerlogic egx300	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	powerlogic egx100	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	powerlogic egx300	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric powerlogic egx100	scope:	gte	version:	3.0.0	Trust: 0.6
vendor:	schneider	model:	electric powerlogic egx300	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-46282 // JVNDB: JVNDB-2021-008272 // NVD: CVE-2021-22766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22766
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22766
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-46282
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-999
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-22766
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-46282
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22766
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22766
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-46282 // JVNDB: JVNDB-2021-008272 // CNNVD: CNNVD-202106-999 // NVD: CVE-2021-22766

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008272 // NVD: CVE-2021-22766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-999

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202106-999

PATCH

title:	SEVD-2021-159-03	url:	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03	Trust: 0.8
title:	Patch for Schneider Electric PowerLogic input validation error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/276466	Trust: 0.6
title:	Schneider Electric PowerLogic Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155015	Trust: 0.6

sources: CNVD: CNVD-2021-46282 // JVNDB: JVNDB-2021-008272 // CNNVD: CNNVD-202106-999

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22766	Trust: 3.8
db:	SCHNEIDER	id:	SEVD-2021-159-03	Trust: 2.2
db:	JVNDB	id:	JVNDB-2021-008272	Trust: 0.8
db:	CNVD	id:	CNVD-2021-46282	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-999	Trust: 0.6

sources: CNVD: CNVD-2021-46282 // JVNDB: JVNDB-2021-008272 // CNNVD: CNNVD-202106-999 // NVD: CVE-2021-22766

REFERENCES

url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22766	Trust: 1.4

sources: CNVD: CNVD-2021-46282 // JVNDB: JVNDB-2021-008272 // CNNVD: CNNVD-202106-999 // NVD: CVE-2021-22766

SOURCES

db:	CNVD	id:	CNVD-2021-46282
db:	JVNDB	id:	JVNDB-2021-008272
db:	CNNVD	id:	CNNVD-202106-999
db:	NVD	id:	CVE-2021-22766

LAST UPDATE DATE

2024-08-14T13:54:03.009000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-46282	date:	2021-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-008272	date:	2022-03-10T07:10:00
db:	CNNVD	id:	CNNVD-202106-999	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-22766	date:	2024-08-03T19:15:36.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-46282	date:	2021-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-008272	date:	2022-03-10T00:00:00
db:	CNNVD	id:	CNNVD-202106-999	date:	2021-06-11T00:00:00
db:	NVD	id:	CVE-2021-22766	date:	2021-06-11T16:15:10.523