ID

VAR-202106-0545


CVE

CVE-2021-22767


TITLE

PowerLogic EGX100 and PowerLogic EGX300 input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008273

DESCRIPTION

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-2276. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 contain an input validation vulnerability. This vulnerability is different from CVE-2021-22768. Information may be obtained or tampered with, and service may be disrupted (DoS). Schneider Electric PowerLogic is industrial control equipment from the French company Schneider Electric. It provides improved power factor to improve power quality and eliminate power failures, thereby protecting the network, devices and operators.

Trust: 2.16

sources: NVD: CVE-2021-22767 // JVNDB: JVNDB-2021-008273 // CNVD: CNVD-2021-46281

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-46281

AFFECTED PRODUCTS

vendor: schneider electric, model: powerlogic egx100, scope: gte, version: 3.0.0

Trust: 1.0

vendor: schneider electric, model: powerlogic egx300, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: powerlogic egx100, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: powerlogic egx300, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric powerlogic egx100, scope: gte, version: 3.0.0

Trust: 0.6

vendor: schneider, model: electric powerlogic egx300, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-46281 // JVNDB: JVNDB-2021-008273 // NVD: CVE-2021-22767

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22767
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-22767
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-46281
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202106-992
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-22767
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-46281
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22767
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22767
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-46281 // JVNDB: JVNDB-2021-008273 // CNNVD: CNNVD-202106-992 // NVD: CVE-2021-22767

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype: Improper input validation (CWE-20) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008273 // NVD: CVE-2021-22767

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-992

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202106-992

PATCH

title: SEVD-2021-159-03
url: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03

Trust: 0.8

title: Patch for Schneider Electric PowerLogic input validation error vulnerability (CNVD-2021-46281)
url: https://www.cnvd.org.cn/patchInfo/show/276461

Trust: 0.6

title: Fix for the Schneider Electric PowerLogic input validation error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155014

Trust: 0.6

sources: CNVD: CNVD-2021-46281 // JVNDB: JVNDB-2021-008273 // CNNVD: CNNVD-202106-992

EXTERNAL IDS

db: NVD, id: CVE-2021-22767

Trust: 3.8

db: SCHNEIDER, id: SEVD-2021-159-03

Trust: 2.2

db: JVNDB, id: JVNDB-2021-008273

Trust: 0.8

db: CNVD, id: CNVD-2021-46281

Trust: 0.6

db: CNNVD, id: CNNVD-202106-992

Trust: 0.6

sources: CNVD: CNVD-2021-46281 // JVNDB: JVNDB-2021-008273 // CNNVD: CNNVD-202106-992 // NVD: CVE-2021-22767

REFERENCES

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22767

Trust: 1.4

sources: CNVD: CNVD-2021-46281 // JVNDB: JVNDB-2021-008273 // CNNVD: CNNVD-202106-992 // NVD: CVE-2021-22767

SOURCES

db: CNVD, id: CNVD-2021-46281
db: JVNDB, id: JVNDB-2021-008273
db: CNNVD, id: CNNVD-202106-992
db: NVD, id: CVE-2021-22767

LAST UPDATE DATE

2024-08-14T13:54:03.036000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-46281, date: 2021-07-01T00:00:00
db: JVNDB, id: JVNDB-2021-008273, date: 2022-03-10T07:10:00
db: CNNVD, id: CNNVD-202106-992, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-22767, date: 2024-08-03T19:15:36.920

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-46281, date: 2021-07-01T00:00:00
db: JVNDB, id: JVNDB-2021-008273, date: 2022-03-10T00:00:00
db: CNNVD, id: CNNVD-202106-992, date: 2021-06-11T00:00:00
db: NVD, id: CVE-2021-22767, date: 2021-06-11T16:15:10.593