Register Your Interest:

Join us on Sunday, November 5, 2023, in Hanover, Maryland, for DISC 2023!

Register Now
Skip to main content
Security Advisory

Schneider Electric PowerLogic Products

Risk Information

Limited Threat

CVE ID

CVE-2021-22763

CVE-2021-22764

CVE-2021-22765

CVE-2021-22766

CVE-2021-22767

CVE-2021-22768

Vunerability Type

Backdoor Web Server Administrator Account

Hidden Functionality

Stack-based Buffer Overflow

Memory Corruption Denial of Service

Stack-based Buffer Overflow

Stack-based Buffer Overflow

CVSS3 Score

8.1

7.5

9.8

7.5

9.8

9.8

CVSSv3 Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affecting

  • PowerLogic EGX100: All versions
  • PowerLogic EGX300: All versions
  • PowerLogic PM5560: prior to v2.8.3
  • PowerLogic PM5561: prior to 10.7.3
  • PowerLogic PM5562: All versions
  • PowerLogic PM5563: prior to v2.8.3
  • PowerLogic PM8ECC: All versions

    • Mitigation

    Schneider Electric will not release patches for the EGX100, EGX300, and PM8ECC. The PM5562 does not yet received a patch. Otherwise, update to PM5560 and PM5563: v2.8.3 or later, PM5561: v10.7.3 or later

    06/08/2021