CVE-2021-22701

4.5 MEDIUM

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9...

Published: 2021-02-19 · Last updated: 2026-05-29

Severity and scoring

CVSS: 4.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
CWE: CWE-352

Affected products

Vendor	Product
schneider-electric	powerlogic_ion7400_firmware, powerlogic_ion7650_firmware, powerlogic_ion8300_firmware

Description

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-22701
[Vendor advisory]https://www.se.com/ww/en/download/document/SEVD-2021-040-01/
[Vendor advisory]https://www.se.com/ww/en/download/document/SEVD-2021-040-01/

Related CVEs

Same vendor

CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
CVE-2022-0715 — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
CVE-2021-22788 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
CVE-2021-22787 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
CVE-2021-22785 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)

Same CWE

CVE-2026-49043 — Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions (4.7 MEDIUM)
CVE-2026-48518 — MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances (4.3 MEDIUM)
CVE-2016-20083 — WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized action... (5.3 MEDIUM)
CVE-2016-20074 — WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorize... (4.3 MEDIUM)
CVE-2016-20067 — WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on beh... (4.3 MEDIUM)