Skip to main content
Security Advisory

Schneider Electric PowerLogic Products

If possible, retire the gateway as it has been discontinued. Otherwise, control network access to the device as tightly as possible. Block access to the web interface on port TCP/80 and use the serial interface for configuration.

Risk Information

affected product:

EGX100, EGX300, PM5560, PM5561, PM5562, PM5563, PM8ECC

Limited Threat

CVE ID

CVE-2021-22763

CVE-2021-22764

CVE-2021-22765

CVE-2021-22766

CVE-2021-22767

CVE-2021-22768

ID

CVE-2021-22763

Source

Dragos

Skill Level

N/A

CVSSV3 BASE / TEMPORAL SCORE

N/A

CVSSV3 vector

N/A

Affecting

  • EGX100, EGX300, PM5560, PM5561, PM5562, PM5563, PM8ECC
  • Vulnerability Type

    Hidden Functionality

    Stack-based Buffer Overflow

    Heap-based Buffer Overflow

    Memory Corruption Denial of Service

    Stack-based Buffer Overflow

    Stack-based Buffer Overflow

    Disclosure Timeline

    06/08/2021 - Dragos discloses issue