Schneider Electric PowerLogic Products
Limited Threat
| CVE ID | Vulnerability Type | CVSS3 Score | CVSSv3 Vector |
| --- | --- | --- | --- |
| CVE-2021-22763 | Backdoor Web Server Administrator Account | 8.1 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-22764 | Hidden Functionality | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-22765 | Stack-based Buffer Overflow | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-22766 | Memory Corruption Denial of Service | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-22767 | Stack-based Buffer Overflow | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-22768 | Stack-based Buffer Overflow | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Affecting
Mitigation
Schneider Electric will not release patches for the EGX100, EGX300, and PM8ECC. The PM5562 has not yet received a patch. Otherwise, update the PM5560 and PM5563 to v2.8.3 or later, and the PM5561 to v10.7.3 or later.
06/08/2021