CVE-2021-22763
Summary
| CVE | CVE-2021-22763 |
|---|---|
| State | PUBLISHED |
| Assigner | schneider |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-11 16:15:10 UTC |
| Updated | 2026-05-29 14:16:23 UTC |
| Description | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator level access to a device. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.002670000 probability, percentile 0.503360000 (date 2026-06-03)
Problem Types: CWE-640 | CWE-640: Weak Password Recovery Mechanism for Forgotten Password
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | ADP | DECLARED | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 10 | | AV:N/AC:L/Au:N/C:C/I:C/A:C |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Complete |
| Integrity | Complete |
| Availability | Complete |

AV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Schneider-electric | Powerlogic Pm5560 | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm5560 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Powerlogic Pm5561 | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm5561 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Powerlogic Pm5562 | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm5562 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Powerlogic Pm5563 | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm5563 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Powerlogic Pm8ecc | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm8ecc Firmware | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | PowerLogic PM55xx PowerLogic PM8ECC PowerLogic EGX100 And PowerLogic EGX300 See Security Notification For Version Information | affected PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| download.schneider-electric.com/files | [email protected] | download.schneider-electric.com | |
| download.schneider-electric.com/files | af854a3a-2127-422b-91ae-364da2661108 | download.schneider-electric.com | |
| MISC:http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03 | MITRE | download.schneider-electric.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.