CVE-2021-22764
5.3 MEDIUMA CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 ...
Published: 2021-06-11 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-287
Affected products
| Vendor | Product |
|---|---|
| schneider-electric | powerlogic_pm5560_firmware, powerlogic_pm5561_firmware, powerlogic_pm5562_firmware |
Description
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-22764
- [Other]https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf
- [Other]http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03
Related CVEs
Same vendor
- CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
- CVE-2022-0715 — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
- CVE-2021-22788 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
- CVE-2021-22787 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
- CVE-2021-22785 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)
Same CWE
- CVE-2026-48780 — Forem is open source software for building communities (8.2 HIGH)
- CVE-2026-48114 — Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-50623 — An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF (4.8 MEDIUM)
- CVE-2026-48611 — Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading t... (9.8 CRITICAL)