CVE-2021-22767 - OpenCVE

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Powerlogic Egx100 Powerlogic Egx300 Firmware Powerlogic Egx300 Powerlogic Egx100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_egx100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_egx100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_egx300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_egx300:-:*:*:*:*:*:*:*

References

Link	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2021-06-11T15:40:47

Updated: 2021-06-11T15:40:47

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22767

JSON object: View

NVD Information

Status : Modified

Published: 2021-06-11T16:15:10.593

Modified: 2024-05-17T01:53:54.350

Link: CVE-2021-22767

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)", "vendor": "n/a", "versions": [{"status": "affected", "version": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-11T15:40:47", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03"}], "tags": ["unsupported-when-assigned"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22767", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)", "version": {"version_data": [{"version_value": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22768"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", "refsource": "MISC", "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22767", "datePublished": "2021-06-11T15:40:47", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-06-11T15:40:47", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_egx100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A55C4C-0D14-4C55-ABBC-83280E221DE3", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_egx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE28A3BC-AD07-48F1-9DB9-65616A9399B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_egx300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB9B239-F219-4DF4-B53B-4DCE38F3205F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_egx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "59A033CD-1DBC-44A4-9C56-1F97C3F40C6F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276"}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** UN CWE-20: Se presenta una vulnerabilidad de comprobaci\u00f3n inapropiada de la entrada en PowerLogic EGX100 (versiones 3.0.0 y posteriores) y PowerLogic EGX300 (todas las versiones) que podr\u00eda causar una denegaci\u00f3n de servicio o una ejecuci\u00f3n de c\u00f3digo remota por medio de un paquete HTTP especialmente dise\u00f1ado. Este ID de CVE es diferente de CVE-2021-22768"}], "id": "CVE-2021-22767", "lastModified": "2024-05-17T01:53:54.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-11T16:15:10.593", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cybersecurity@se.com", "type": "Primary"}]}