Security Advisory
Schneider Electric PowerLogic Products
If possible, retire the gateway as it has been discontinued. Otherwise, control network access to the device as tightly as possible. Block access to the web interface on port TCP/80 and use the serial interface for configuration.
Risk Information
Affected Products:
EGX100, EGX300, PM5560, PM5561, PM5562, PM5563, PM8ECC
Limited Threat
CVE ID
CVE-2021-22763
CVE-2021-22764
CVE-2021-22765
CVE-2021-22766
CVE-2021-22767
CVE-2021-22768
ID
CVE-2021-22763
Source
Dragos
Skill Level
N/A
CVSSv3 Base / Temporal Score
N/A
CVSSv3 Vector
N/A
Affecting
Vulnerability Type
Hidden Functionality
Stack-based Buffer Overflow
Heap-based Buffer Overflow
Memory Corruption Denial of Service
Stack-based Buffer Overflow
Stack-based Buffer Overflow
Disclosure Timeline
06/08/2021 - Dragos discloses issue