ID

VAR-202106-0546


CVE

CVE-2021-22768


TITLE

Input validation vulnerability in PowerLogic EGX100 and PowerLogic EGX300

Trust: 0.8

sources: JVNDB: JVNDB-2021-008274

DESCRIPTION

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 contain an input validation vulnerability. This vulnerability is different from CVE-2021-22767. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Schneider Electric PowerLogic is industrial control equipment from the French company Schneider Electric. It provides improved power factor to improve power quality and eliminate power failures, thereby protecting the network, devices and operators.

Trust: 2.16

sources: NVD: CVE-2021-22768 // JVNDB: JVNDB-2021-008274 // CNVD: CNVD-2021-46280

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-46280

AFFECTED PRODUCTS

vendor: schneider electric
model: powerlogic egx100
scope: gte
version: 3.0.0

Trust: 1.0

vendor: schneider electric
model: powerlogic egx300
scope: eq
version: *

Trust: 1.0

vendor: schneider electric
model: powerlogic egx100
scope: -
version: -

Trust: 0.8

vendor: schneider electric
model: powerlogic egx300
scope: -
version: -

Trust: 0.8

vendor: schneider
model: electric powerlogic egx100
scope: gte
version: 3.0.0

Trust: 0.6

vendor: schneider
model: electric powerlogic egx300
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2021-46280 // JVNDB: JVNDB-2021-008274 // NVD: CVE-2021-22768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22768
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-22768
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-46280
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202106-984
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-22768
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-46280
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22768
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22768
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-46280 // JVNDB: JVNDB-2021-008274 // CNNVD: CNNVD-202106-984 // NVD: CVE-2021-22768

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype: Improper Input Validation (CWE-20) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008274 // NVD: CVE-2021-22768

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-984

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202106-984

PATCH

title: SEVD-2021-159-03
url: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03

Trust: 0.8

title: Patch for Schneider Electric PowerLogic input validation error vulnerability (CNVD-2021-46280)
url: https://www.cnvd.org.cn/patchInfo/show/276456

Trust: 0.6

title: Fix for Schneider Electric PowerLogic input validation error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155013

Trust: 0.6

sources: CNVD: CNVD-2021-46280 // JVNDB: JVNDB-2021-008274 // CNNVD: CNNVD-202106-984

EXTERNAL IDS

db: NVD
id: CVE-2021-22768

Trust: 3.8

db: SCHNEIDER
id: SEVD-2021-159-03

Trust: 2.2

db: JVNDB
id: JVNDB-2021-008274

Trust: 0.8

db: CNVD
id: CNVD-2021-46280

Trust: 0.6

db: CNNVD
id: CNNVD-202106-984

Trust: 0.6

sources: CNVD: CNVD-2021-46280 // JVNDB: JVNDB-2021-008274 // CNNVD: CNNVD-202106-984 // NVD: CVE-2021-22768

REFERENCES

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-03

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22768

Trust: 1.4

sources: CNVD: CNVD-2021-46280 // JVNDB: JVNDB-2021-008274 // CNNVD: CNNVD-202106-984 // NVD: CVE-2021-22768

SOURCES

db: CNVD, id: CNVD-2021-46280
db: JVNDB, id: JVNDB-2021-008274
db: CNNVD, id: CNNVD-202106-984
db: NVD, id: CVE-2021-22768

LAST UPDATE DATE

2024-08-14T13:54:02.961000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-46280, date: 2021-07-01T00:00:00
db: JVNDB, id: JVNDB-2021-008274, date: 2022-03-10T07:10:00
db: CNNVD, id: CNNVD-202106-984, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-22768, date: 2024-08-03T19:15:37.007

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-46280, date: 2021-07-01T00:00:00
db: JVNDB, id: JVNDB-2021-008274, date: 2022-03-10T00:00:00
db: CNNVD, id: CNNVD-202106-984, date: 2021-06-11T00:00:00
db: NVD, id: CVE-2021-22768, date: 2021-06-11T16:15:10.663