CVE-2021-22714 - OpenCVE

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Powerlogic Pm8000 Firmware Powerlogic Ion7400 Powerlogic Ion9000 Firmware Powerlogic Ion7400 Firmware Powerlogic Ion9000 Powerlogic Pm8000

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2021-068-02	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2021-03-11T20:13:56

Updated: 2021-03-11T20:13:56

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22714

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-11T21:15:12.497

Modified: 2022-02-03T16:21:08.537

Link: CVE-2021-22714

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0)", "vendor": "n/a", "versions": [{"status": "affected", "version": "PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-11T20:13:56", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-068-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22714", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0)", "version": {"version_data": [{"version_value": "PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2021-068-02", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2021-068-02"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22714", "datePublished": "2021-03-11T20:13:56", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-03-11T20:13:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE7015C-02DD-44A1-ADEE-5E71CE312266", "versionEndExcluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8F28EAA-FC60-4CE0-BD39-DFD3EB88E195", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5A75862-E1AC-4C6E-83AD-DE5FCD8BA50D", "versionEndExcluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "B16A7BEC-1BED-4A61-A6C9-BF7DB13B998C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "32067EA8-5153-4A00-9DE8-C4BEC42C00A6", "versionEndExcluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6718EAAA-074D-4807-AC2D-DD0A06D397FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution."}, {"lang": "es", "value": "A CWE-119: se presenta una vulnerabilidad de Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de un B\u00fafer de la Memoria en PowerLogic ION7400, PM8000 e ION9000 (todas las versiones anteriores a V3.0.0), lo que podr\u00eda causar al medidor reiniciarse o permitir una ejecuci\u00f3n de c\u00f3digo remota"}], "id": "CVE-2021-22714", "lastModified": "2022-02-03T16:21:08.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-11T21:15:12.497", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-068-02"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cybersecurity@se.com", "type": "Primary"}]}