Security Advisory

Schneider Electric PowerLogic Products

Risk Information

Limited Threat

| CVE ID | Vulnerability Type | CVSS3 Score | CVSSv3 Vector |
|---|---|---|---|
| CVE-2021-22763 | Backdoor Web Server Administrator Account | 8.1 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-22764 | Hidden Functionality | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-22765 | Stack-based Buffer Overflow | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-22766 | Memory Corruption Denial of Service | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-22767 | Stack-based Buffer Overflow | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-22768 | Stack-based Buffer Overflow | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

Affecting

  • PowerLogic EGX100: All versions
  • PowerLogic EGX300: All versions
  • PowerLogic PM5560: prior to v2.8.3
  • PowerLogic PM5561: prior to v10.7.3
  • PowerLogic PM5562: All versions
  • PowerLogic PM5563: prior to v2.8.3
  • PowerLogic PM8ECC: All versions

Mitigation

Schneider Electric will not release patches for the EGX100, EGX300, and PM8ECC. The PM5562 has not yet received a patch. For the remaining products, update the PM5560 and PM5563 to v2.8.3 or later, and the PM5561 to v10.7.3 or later.

06/08/2021