CVE-2021-22764
Summary
| CVE | CVE-2021-22764 |
|---|---|
| State | PUBLISHED |
| Assigner | schneider |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-11 16:15:10 UTC |
| Updated | 2026-05-29 14:16:23 UTC |
| Description | A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request. |
Risk And Classification
Primary CVSS: v3.1 5.3 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.002480000 probability, percentile 0.482810000 (date 2026-06-03)
Problem Types: CWE-287: Improper Authentication
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | ADP | DECLARED | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| 2.0 | [email protected] | Primary | 5 | | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | Low |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | None |
| Integrity | None |
| Availability | Partial |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Schneider-electric | Powerlogic Pm5560 | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm5560 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Powerlogic Pm5561 | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm5561 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Powerlogic Pm5562 | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm5562 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Powerlogic Pm5563 | - | All | All | All |
| Operating System | Schneider-electric | Powerlogic Pm5563 Firmware | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | PowerLogic PM55xx PowerLogic EGX100 And PowerLogic EGX300 See Security Notification For Version Information | affected PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version information) | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| download.schneider-electric.com/files | [email protected] | download.schneider-electric.com | |
| download.schneider-electric.com/files | af854a3a-2127-422b-91ae-364da2661108 | download.schneider-electric.com | |
| MISC:http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03 | MITRE | download.schneider-electric.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.